瑞星卡卡安全论坛

首页 » 技术交流区 » 恶意网站交流 » http://marymagz.com/there37/they/coming82.html
09kaka - 2009-7-30 15:02:00
<script language=javascript>document.write(unescape('<script language="javascript">function dF(s){var s1=unescape(s.substr(0,s.length-1)); var t='';for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));document.write(unescape(t));}</script>'));dF(''5Ejvon'5G'2C'5Ejgcf'5G'2C'5Euetkrv'42ncpiwcig'5F'44LcxcUetkrv303'44'42v{rg'5F'44vgzv1lcxcuetkrv'44'5G'2Cnqecvkqp0tgrnceg'4:'44jvvr'5C11nwzjgtdcn0eqo'44'4;'5D'2C'5E1uetkrv'5G'2C'5E1jgcf'5G'2C'5Edqf{'5G'2C'5E1dqf{'5G'2C'5E1jvon'5G'2C2')</script>


版主这个怎么解啊!

用户系统信息:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; CIBA)
shadowmin - 2009-7-30 15:54:00
function dF(s){var s1=unescape(s.substr(0,s.length-1)); var t='';for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));document.write(unescape(t));}
dF('%275Ejvon%275G%272C%275Ejgcf%275G%272C%275Euetkrv%2742ncpiwcig%275F%2744LcxcUetkrv303%2744%2742v%7Brg%275F%2744vgzv1lcxcuetkrv%2744%275G%272Cnqecvkqp0tgrnceg%274%3A%2744jvvr%275C11nwzjgtdcn0eqo%2744%274%3B%275D%272C%275E1uetkrv%275G%272C%275E1jgcf%275G%272C%275Edqf%7B%275G%272C%275E1dqf%7B%275G%272C%275E1jvon%275G%272C2')
改造成这样,然后document.wirte清除
networkedition - 2009-7-30 15:58:00
<script language="javascript">function dF(s){var s1=unescape(s.substr(0,s.length-1)); var t='';for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));document.write(unescape(t));}</script><html>
<head>
<script language="JavaScript1.1" type="text/javascript">
location.replace("http://luxherbal.com");
</script>
</head>
<body>
</body>
</html>
1
查看完整版本: http://marymagz.com/there37/they/coming82.html