1. 首页
  2. 问答
  3. 恶意使用Javascript - 它做了什么?

恶意使用Javascript - 它做了什么?

2010-10-27 47 views
-1

这个javascript做什么?这是一个缓冲区溢出?这是一个xss?它能做什么?这个farbbibliothek [x]数组的解码版本是什么?恶意使用Javascript - 它做了什么?

<SCRIPT> 
farbbibliothek = new Array(); 
farbbibliothek[0] = new Array("#FF0000","#FF1100","#FF2200","#FF3300","#FF4400","#FF5500","#FF6600","#FF7700","# 
FF8800","#FF9900","#FFaa00","#FFbb00","#FFcc00","#FFdd00","#FFee00","#FFff00","#FFee00","#FFdd00","#FFcc00","# 
FFbb00","#FFaa00","#FF9900","#FF8800","#FF7700","#FF6600","#FF5500","#FF4400","#FF3300","#FF2200","#FF1100"); 
farbbibliothek[1] = new Array("#00FF00","#000000","#00FF00","#00FF00"); 
farbbibliothek[2] = new Array("#00FF00","#FF0000","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","# 
00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","# 
00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","# 
00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00"); 
farbbibliothek[3] = new Array("#FF0000","#FF4000","#FF8000","#FFC000","#FFFF00","#C0FF00","#80FF00","#40FF00","# 
00FF00","#00FF40","#00FF80","#00FFC0","#00FFFF","#00C0FF","#0080FF","#0040FF","#0000FF","#4000FF","#8000FF","# 
C000FF","#FF00FF","#FF00C0","#FF0080","#FF0040"); 
farbbibliothek[4] = new Array("#FF0000","#EE0000","#DD0000","#CC0000","#BB0000","#AA0000","#990000","#880000","# 
770000","#660000","#550000","#440000","#330000","#220000","#110000","#000000","#110000","#220000","#330000","# 
440000","#550000","#660000","#770000","#880000","#990000","#AA0000","#BB0000","#CC0000","#DD0000","#EE0000"); 
farbbibliothek[5] = new Array("#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF"); 
farbbibliothek[6] = new Array("#0000FF","#FFFF00"); 
farben = farbbibliothek[4]; 
function farbschrift() 
{ 
for(var i=0 ; i<Buchstabe.length; i++) 
{ 
document.all["a"+i].style.color=farben[i]; 
} 
farbverlauf(); 
} 
function string2array(text) 
{ 
Buchstabe = new Array(); 
while(farben.length<text.length) 
{ 
farben = farben.concat(farben); 
} 
k=0; 
while(k<=text.length) 
{ 
Buchstabe[k] = text.charAt(k); 
k++; 
} 
} 
function divserzeugen() 
{ 
for(var i=0 ; i<Buchstabe.length; i++) 
{ 
document.write("<font face='monotype corsiva' size=30><span id='a"+i+"' class='a"+i+"'>"+Buchstabe[i] + "</span></fon 
t>"); 
} 
farbschrift(); 
} 
var a=1; 
function farbverlauf() 
{ 
for(var i=0 ; i<farben.length; i++) 
{ 
farben[i-1]=farben[i]; 
} 
farben[farben.length-1]=farben[-1]; 

setTimeout("farbschrift()",30); 
} 
// Zu Demonstrationszwecken***************** 
var farbsatz=1; 
function farbtauscher() 
{ 
farben = farbbibliothek[farbsatz]; 
while(farben.length<text.length) 
{ 
farben = farben.concat(farben); 
} 
farbsatz=Math.floor(Math.random()*(farbbibliothek.length-0.0001)); 
} 
setInterval("farbtauscher()",5000); 
text= " Test123 "; //h 
string2array(text); 
divserzeugen(); 
//document.write(text); 
</SCRIPT>

来源

2010-10-27 Fred

+1

什么让你觉得它的恶意? – 2010-10-27 10:22:06

+0

@ m.edmonson - 我看过混淆的恶意脚本,其中十六进制代码被评估为其他命令。虽然我同意你的看法,但偶然的检查反驳了这一点,但它可能是恶意的(一目了然)并不是不可想象的。也许调色板在眼睛上很难看。 – 2010-10-27 11:58:36

+0

我知道这是旧的,但如果你还在身边,@Fred,你在哪里找到这个代码? – 2012-08-01 21:14:11

回答

7

这是完全无害的:它是一个十六进制颜色值的数组。 “Farbbibliothek”是德语,意思是“色彩库”。

看起来好像代码生成了一些文本元素,并为它们提供了各种颜色。我看不出有什么危险。

Here's一个可用的JSFiddle。看起来不错!

来源

2010-10-27 10:19:22

+0

+1是颜色库 – 2010-10-27 10:21:37

+0

许多文本元素,并给它们各种颜色?我在浏览器中打开了这个脚本,它只显示一个标题,一个黑色背景和一个灰色的小短语。为此,更简单的应该是将颜色定义为背景黑色和字体灰色。对我来说没有意义。 – Fred 2010-10-27 10:24:55

+0

@Fred这是因为您的原始代码被破坏(还有一些额外的换行符)。查看我的链接,我修复了代码,并添加了一个''元素 – 2010-10-27 10:25:51

1

有一个的setInterval(“FARB陶舍尔()”,5000);在它,它不是在做佩卡的东西的jsfiddle,所以我做了一个样本,看看为什么... http://www.abv8.com/farbbibliothek.html ...它循环通过颜色

来源

2010-10-27 11:54:20 gravityboy

+0

+1好的工作,欢呼!没有注意到这一点。 – 2010-10-27 12:28:30

+0

哇,这很好。谢谢 – Fred 2010-10-27 14:33:46

2

这只是一个“黑客”脚了海报被攻破的网站。它和华丽的广告牌一样无害。

来源

2013-06-23 16:00:25

相关问题

 相关问题