Czyżby exploit ?

japcok

Tak jak w temacie, proszę o sprawdzenie, czy to exploit. Jakiś koleś wysłał do mnie wiadomość na GG z linkiem, kliknąłem, pokazała się stronka. Wziąłem źródło stronki i exploit był zamaskowany, więc znalazłem jedną linijkę, wpisałem w wyszukiwarkę i pokazało mi się coś takiego. Podobne to do exploita, ale czy to exploit?

<!--


// Shared state of the floating "sticker" ad layer. Everything below is a
// page-level global read and written by the functions of this script.

// Target position the sticker is steered towards.
var stickerX = 0;
var stickerY = 0;
// Velocity, in pixels per animation tick.
var stickerVX = 0.0;
var stickerVY = 0.0;
// Acceleration, recomputed by accelSticker() on every tick.
var stickerAX = 0.0;
var stickerAY = 0.0;
// Current unrounded position; overwritten by initStickerPos().
var stickerCurX = 1280;
var stickerCurY = -800;
// Sticker dimensions, filled in by initSticker().
var stickerWidth;
var stickerHeight;
var sticker_closed = true;
// Mouse offset inside the sticker, recorded when a drag starts.
var stickHotX;
var stickHotY;
// True once the sticker has reached its target and no moveSticker() timer
// is pending.
var notimeout = false;
// Capability sniffing: document.all selects the Internet Explorer code path,
// any other browser with getElementById takes the "NS6" path.
var isIE6 = Boolean(document.all && document.getElementById);
var isNS6 = Boolean(!isIE6 && document.getElementById);
// Window size last recorded by saveSize().
var win_w;
var win_h;
// Timer id of the pending automatic close.
var auto_close_timeout;


/**
 * Closes the sticker: flags it as closed and retargets it far to the left of
 * the page, then runs one animation step so it starts moving there.
 */
function closeSticker() {
  sticker_closed = true;

  // One sticker width plus 1000px left of the origin.
  var offscreenX = -(stickerWidth + 1000);
  stickerX = offscreenX;

  moveSticker();
}

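/**
 * Places the sticker layer at its start position above the visible page and
 * records that position as the current animation coordinates.
 *
 * Reads the globals stickerHeight, isIE6 and isNS6. Writes stickerCurX,
 * stickerCurY and the position of the element with id 'regiedepub_sticker'.
 */
function initStickerPos() {
  var layer = document.getElementById('regiedepub_sticker');
  var x;
  // The layer's top edge starts one sticker height plus 50px above the page.
  var y = -(stickerHeight + 50);

  if (isIE6) {
    x = document.body.clientWidth + document.body.scrollLeft + 10;
  } else {
    x = window.pageXOffset + 10;
  }

  stickerCurX = x;
  stickerCurY = y;

  if (isIE6) {
    // pixelLeft/pixelTop are the numeric, non-standard IE style properties.
    layer.style.pixelLeft = x;
    layer.style.pixelTop = y;
  } else if (isNS6) {
    layer.style.left = x + 'px';
    // Fixed: this branch used to assign `pixelTop = y + 'py'`, i.e. the
    // IE-only property with a unit that does not exist, so the vertical
    // position was never applied on this code path.
    layer.style.top = y + 'px';
  }
}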

/**
 * Recomputes the resting position of an open sticker: 60px from the top and
 * one sticker width plus 50px to the left of the horizontal anchor. Also adds
 * a downward kick of 10 to the vertical velocity. Does nothing once the
 * sticker has been closed.
 */
function updateStickerTarget() {
  if (!sticker_closed) {
    stickerY = 60;

    // IE path: width of the body plus horizontal scroll; otherwise the
    // horizontal scroll offset of the window.
    var anchorX = isIE6
      ? document.body.clientWidth + document.body.scrollLeft
      : window.pageXOffset;
    stickerX = anchorX - (stickerWidth + 50);

    stickerVY += 10;
  }
}


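/**
 * Reacts to a change of the window size: recomputes the sticker target and
 * restarts the animation after 20ms.
 */
function onResize() {
  updateStickerTarget();

  notimeout = false;
  // A function is passed instead of the string 'moveSticker()': a string
  // argument is compiled like eval() and is refused by a Content Security
  // Policy that does not allow 'unsafe-eval'.
  setTimeout(function () {
    moveSticker();
  }, 20);
}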

/**
 * Sets the acceleration to one sixtieth of the distance between the given
 * point and the target (stickerX, stickerY), per axis.
 *
 * @param {number} x - Current horizontal position.
 * @param {number} y - Current vertical position.
 */
function accelSticker(x, y) {
  var gap = [stickerX - x, stickerY - y];

  stickerAX = gap[0] / 60;
  stickerAY = gap[1] / 60;
}




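/**
 * Runs one animation step: accelerates the sticker towards its target, damps
 * the velocity, moves the layer and schedules the next step.
 *
 * When the rounded position equals the target and both velocity components
 * are below 1, the animation stops, the window size is saved and checkSize()
 * is scheduled after one second. Otherwise the next step runs after 20ms.
 */
function moveSticker() {
  var layer = document.getElementById('regiedepub_sticker');
  var x;
  var y;

  accelSticker(stickerCurX, stickerCurY);

  // Keep 92% of the previous velocity, then add the pull towards the target.
  stickerVX = stickerVX * 0.92 + stickerAX;
  stickerVY = stickerVY * 0.92 + stickerAY;

  stickerCurX += stickerVX;
  stickerCurY += stickerVY;

  x = Math.round(stickerCurX);
  y = Math.round(stickerCurY);

  if (isIE6) {
    // pixelLeft/pixelTop are the numeric, non-standard IE style properties.
    layer.style.pixelLeft = x;
    layer.style.pixelTop = y;
  } else if (isNS6) {
    layer.style.left = x + 'px';
    // Fixed: this branch used to assign `pixelTop = y + 'py'`, which never
    // moved the layer vertically on this code path.
    layer.style.top = y + 'px';
  }

  // Timers receive functions rather than code strings; a string argument is
  // compiled like eval() and is refused by a Content Security Policy that
  // does not allow 'unsafe-eval'.
  if (x === stickerX && y === stickerY && stickerVX < 1 && stickerVY < 1) {
    notimeout = true;
    saveSize();
    setTimeout(function () {
      checkSize();
    }, 1000);
  } else {
    notimeout = false;
    setTimeout(function () {
      moveSticker();
    }, 20);
  }
}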



/**
 * Remembers the current size of the document body in win_w / win_h.
 * Only the Internet Explorer code path records anything.
 */
function saveSize() {
  if (!isIE6) {
    return;
  }

  var body = document.body;
  win_h = body.clientHeight;
  win_w = body.clientWidth;
}

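/**
 * Polls the window size once per second while the sticker is at rest.
 * A size that differs from the one stored by saveSize() triggers onResize();
 * an unchanged size re-arms the poll. Only the Internet Explorer code path
 * does anything, and nothing happens while an animation is running.
 */
function checkSize() {
  if (!notimeout) {
    return;
  }

  if (isIE6) {
    var body = document.body;
    if (win_w !== body.clientWidth || win_h !== body.clientHeight) {
      onResize();
    } else {
      // A function is passed instead of the string 'checkSize()': a string
      // argument is compiled like eval() and is refused by a Content
      // Security Policy that does not allow 'unsafe-eval'.
      setTimeout(function () {
        checkSize();
      }, 1000);
    }
  }
}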


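/**
 * Opens the sticker: stores its size, positions it, wires the drag handlers
 * of the images named sticker1..sticker3 (Internet Explorer path only) and
 * starts the timers.
 *
 * The slide-in animation starts after 2 seconds; the sticker closes itself
 * after 32 seconds unless catchImg() cancels that timer.
 *
 * @param {number} width - Sticker width in pixels.
 * @param {number} height - Sticker height in pixels.
 */
function initSticker(width, height) {
  // Declared locally: the loop counter and image reference used to be
  // implicit globals, visible to and overwritable by every script on the page.
  var i;
  var xImg;

  sticker_closed = false;
  stickerWidth = width;
  stickerHeight = height;

  initStickerPos();
  updateStickerTarget();

  if (isIE6) {
    for (i = 1; i <= 3; i++) {
      xImg = document.images['sticker' + i];

      if (xImg) {
        // Returning false suppresses the browser's own image drag.
        xImg.ondragstart = function () { return false; };
        xImg.onmousedown = function () { catchImg(this); };
        xImg.onmouseup = function () { dropImg(this); };
        xImg.onmouseover = function () { findImg(this); };
      }
    }
  }

  notimeout = false;
  // Timers receive functions rather than code strings; a string argument is
  // compiled like eval() and is refused by a Content Security Policy that
  // does not allow 'unsafe-eval'.
  setTimeout(function () {
    moveSticker();
  }, 2 * 1000); // 2 seconds
  auto_close_timeout = setTimeout(function () {
    closeSticker();
  }, 32 * 1000); // 32 seconds
}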
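/**
 * Starts dragging the sticker when the mouse is pressed on one of its images.
 *
 * Records the mouse offset inside the sticker, routes mouse moves on the
 * image's parent element to moveImg() and cancels the automatic close.
 *
 * @param {Object} theImg - The image element that received the mouse press.
 * @param {Object} [e] - Mouse event; falls back to the global `event` object
 *   that Internet Explorer provides.
 * @returns {boolean} Always false.
 */
function catchImg(theImg, e) {
  // Declared locally: this used to be an implicit global.
  var theDiv = theImg.parentNode;
  var evt = e || event;

  theDiv.style.cursor = "hand";
  theDiv.onmousemove = moveImg;

  stickHotX = evt.x - stickerCurX;
  stickHotY = evt.y - stickerCurY;

  // Once the user has grabbed the sticker it no longer closes by itself.
  if (auto_close_timeout) {
    clearTimeout(auto_close_timeout);
    auto_close_timeout = 0;
  }

  return false;
}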
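/**
 * Mouse-move handler used while the sticker is dragged: moves the target to
 * the mouse position minus the offset recorded by catchImg() and restarts
 * the animation if it was at rest.
 *
 * @param {Object} [e] - Mouse event; falls back to the global `event` object
 *   that Internet Explorer provides.
 */
function moveImg(e) {
  var evt = e || event;

  stickerX = evt.x - stickHotX;
  stickerY = evt.y - stickHotY;

  if (notimeout) {
    // A function is passed instead of the string 'moveSticker()': a string
    // argument is compiled like eval() and is refused by a Content Security
    // Policy that does not allow 'unsafe-eval'.
    setTimeout(function () {
      moveSticker();
    }, 20);
  }
}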
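/**
 * Ends a drag when the mouse button is released: detaches the mouse-move
 * handler from the image's parent element, restores the cursor, writes the
 * image name to the status bar and adds a downward kick of 10 to the
 * vertical velocity.
 *
 * @param {Object} theImg - The image element that received the mouse release.
 * @param {Object} [e] - Mouse event. Not used; the parameter is kept so that
 *   existing callers stay valid.
 */
function dropImg(theImg, e) {
  // Declared locally: this used to be an implicit global. The former
  // `if(!e) e = event;` fallback was dropped because the event is never read
  // here and the lookup throws where no global `event` exists.
  var theDiv = theImg.parentNode;

  theDiv.onmousemove = null;
  window.status = theImg.name;
  theDiv.style.cursor = "auto";

  stickerVY += 10;
}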

/**
 * Mouse-over handler of the sticker images: writes the image name to the
 * status bar and shows the "hand" cursor on the image's parent element.
 *
 * @param {Object} theImg - The image element under the mouse.
 */
function findImg(theImg) {
  var label = theImg.name;
  window.status = label;

  var holder = theImg.parentNode;
  holder.style.cursor = "hand";
}

//if(isNS6){
// window.onLoad=initSticker();
// window.onresize=onResize();
//}


// Writes the markup of the floating ad layer (id regiedepub_sticker) into the
// page with document.write and then starts its animation via initSticker().
//
// opacity, width, height: passed on into the generated markup.
// loc: URL of the ad content; its text decides how the content is embedded.
// dest: click-through URL, handed to the Flash wrapper as the onclick value.
//
// Review notes:
// - The function returns at once unless isIE6 is set, so nothing is written
//   on the other browser path.
// - width, height, loc, dest and opacity are concatenated into the HTML
//   without any escaping. The only call visible on this page passes constant
//   URLs of the ad network; with a caller-controlled value this would be an
//   HTML injection sink.
// - The first document.write string is broken across lines in this paste and
//   shows bare file names (stickbar_*.gif) where markup was presumably lost
//   when the forum rendered the post; the text below is not valid JavaScript
//   as shown.
function toyosSticker(opacity, width, height, loc, dest){
var flash_mode, w;

// Internet Explorer path only.
if(!isIE6) return;

// Embedding mode, chosen by substring match anywhere after the first
// character of loc (not a real file extension check):
//   1 = .jpg / .swf / .jpeg  -> Flash object wrapping sticker.swf
//   3 = .html / .htm / .php  -> iframe pointing at loc
//   2 = anything else        -> a single blank is written
if(loc.indexOf(".jpg")>0 || loc.indexOf(".swf")>0 || loc.indexOf(".jpeg")>0){
flash_mode = 1;
}
else if(loc.indexOf(".html")>0 || loc.indexOf(".htm")>0 || loc.indexOf(".php")>0){
flash_mode = 3;
}
else{
flash_mode = 2;
}


// NOTE(review): w is not read anywhere in the visible text; presumably it
// was used by the title bar markup that is missing from this paste.
w = width - 78;

document.write('<div id="regiedepub_sticker" style="position:absolute; left:1000px; top:1000px; z-index:1"><table border="0" cellspacing="0" cellpadding="0"><tr> <td><table border="0" cellspacing="0" cellpadding="0"><tr><td width="1">
stickbar_left.gif
</td><td width="1">
stickbar_title.gif
</td><td width="1">
stickbar_middle.gif
</td><td width="1"> </td></tr></table></td></tr><tr><td>');



if(flash_mode == 1){

document.write('<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" width="'+width+'" height="'+height+'"><param name=movie value="http://ad2.regiedepub.com/media_online/images/sticker/sticker.swf?onclick='+dest+'&alpha_in='+opacity+'&w='+width+'&h='+height+'&src='+loc+'"><param name=quality value=high><param name="wmode" value="transparent"> <embed src="http://ad2.regiedepub.com/media_online/images/sticker/sticker.swf?onclick='+dest+'&alpha_in='+opacity+'&w='+width+'&h='+height+'&src='+loc+'" quality=high pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash"></embed></object>');
}
else if (flash_mode == 2){
document.write(' ');
}
else{
document.write('<iframe src="'+loc+'" width='+width+' height='+height+' frameborder=0 marginwidth=0 marginheight=0></iframe>');
}

document.write("</td></tr></table>
");

initSticker(width, height);
}

// Shows the sticker: opacity 100, 410x390 pixels. The content URL contains
// ".htm", so toyosSticker() embeds it as an iframe; the last argument is the
// click-through URL on the same ad server.
toyosSticker(
  100,
  410,
  390,
  "http://ad2.regiedepub.com/media_online/afficheurs/ulimit3/Google-pack/google-pack_410x390.htm",
  "http://ad2.regiedepub.com/cgi-bin/media_online/main/LoadUrl.cgi?ref=66&part=ulimit3"
);
//-->
 

japcok

;/ tylko teraz na co ten exploit
znalazłem chyba następnego exploita ;P

// © 2000-2006 by Gemius SA

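/**
 * Builds the query-string tail that is appended to every beacon request.
 *
 * The result carries the timezone offset, the page URL and the referrer
 * (each cut to 299 characters and escape()-encoded) and, when available, the
 * screen size and colour depth. In other words: this is the visitor data the
 * script reports to the measurement host.
 *
 * @returns {string} Parameters starting with '&tz='.
 */
function gemius_parameters() {
  var d = document;
  var href = String(d.location.href);
  var ref = d.referrer ? String(d.referrer) : "";

  // Prefer the referrer of the top-level frame when it can be read; reading
  // `top.document` from a frame of another origin throws, in which case the
  // local referrer is kept. The original wrapped this try/catch in eval() so
  // that browsers without try/catch syntax could still parse the file; the
  // direct form needs no eval and therefore no 'unsafe-eval' in a Content
  // Security Policy.
  try {
    if (typeof top.document.referrer == 'string') {
      ref = top.document.referrer;
    }
  } catch (gemius_ex) {
    // Deliberately ignored: best effort only.
  }

  // escape() is kept as is: NOTE(review) switching to encodeURIComponent
  // would change the encoding the collector receives - confirm before touching.
  var url = '&tz=' + (new Date()).getTimezoneOffset() +
    '&href=' + escape(href.substring(0, 299)) +
    '&ref=' + escape(ref.substring(0, 299));

  // typeof guard: a bare `screen` reference throws where the global is absent.
  if (typeof screen != 'undefined' && screen) {
    var s = screen;
    if (s.width) url += '&screen=' + s.width + 'x' + s.height;
    if (s.colorDepth) url += '&col=' + s.colorDepth;
  }

  return url;
}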

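/**
 * Appends a deferred <script> element with the given source URL to the
 * document body, i.e. loads and runs further code from that URL in the page.
 * Any failure is swallowed on purpose, as in the original.
 *
 * @param {string} xp_url - URL of the script to load.
 */
function gemius_append_script(xp_url) {
  // The original passed this whole try/catch to eval() as a string so that
  // browsers without try/catch syntax could still parse the file, and it
  // leaked `xp_javascript` as an implicit global. The direct form needs no
  // eval and keeps the element in a local variable.
  try {
    var script = document.createElement('script');
    script.src = xp_url;
    script.type = 'text/javascript';
    script.defer = true;
    document.body.appendChild(script);
  } catch (exception) {
    // Deliberately ignored: loading the follow-up script is best effort.
  }
}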

/**
 * Load handler: requests the follow-up script stored in
 * window.pp_gemius_script, but only when the beacon image kept in
 * window.pp_gemius_image reports a width greater than 1.
 * NOTE(review): the image width looks like the way the server signals that
 * the script should be loaded - confirm against the service documentation.
 */
function gemius_load_script() {
  var beaconWidth = window.pp_gemius_image.width;
  if (!beaconWidth || !(beaconWidth > 1)) {
    return;
  }
  gemius_append_script(window.pp_gemius_script);
}

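// Resolve the identifier for this hit. A page-supplied gemius_identifier is
// taken over once and then renamed with a 'USED_' prefix so that a second
// copy of the script on the same page can tell it has been consumed.
// pp_gemius_identifier is intentionally a page-level global.
if (typeof pp_gemius_identifier == 'undefined') {
  if (typeof gemius_identifier != 'undefined') {
    pp_gemius_identifier = gemius_identifier;
    gemius_identifier = 'USED_' + gemius_identifier;
  } else {
    pp_gemius_identifier = "";
  }
}

// Collector base URL. Requests go over plain http, so the page URL and
// referrer added by gemius_parameters() travel unencrypted. The millisecond
// timestamp makes every base URL unique (presumably to defeat caching).
var pp_gemius_host = 'http://adnet.hit.gemius.pl/_' + (new Date()).getTime();

if (typeof window.pp_gemius_image != 'undefined') {
  // The script already ran on this page: report the repeated inclusion with
  // an 'ERR_' identifier and keep a reference to the image in an array.
  if (typeof window.pp_gemius_images == 'undefined') {
    window.pp_gemius_images = [];
  }
  var gemius_l = window.pp_gemius_images.length;
  window.pp_gemius_images[gemius_l] = new Image();
  window.pp_gemius_images[gemius_l].src = pp_gemius_host + '/redot.gif?id=ERR_' + pp_gemius_identifier + gemius_parameters();
} else {
  // First run: register the load handler, then request the beacon image.
  // Assigning .src is what sends the request to the collector.
  if (window.attachEvent) {
    window.attachEvent("onload", gemius_load_script);
  } else if (window.addEventListener) {
    window.addEventListener("load", gemius_load_script, false);
  }
  window.pp_gemius_image = new Image();
  window.pp_gemius_image.src = pp_gemius_host + '/rexdot.gif?l=11&id=' + pp_gemius_identifier + gemius_parameters();
  window.pp_gemius_script = pp_gemius_host + '/pp.js?id=' + pp_gemius_identifier;
}
// Mark the identifier as consumed. The forum tag that was glued to the end of
// this statement in the post has been removed; it was not part of the script.
pp_gemius_identifier = 'USED_' + pp_gemius_identifier;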

I moje pytania: na co on działa i czy to exploit ;P ?
 

maxhack

wedlug mnie to chyba plik ktory zapisuje cookies :pPP
ale to tylko przypuszczenia
i jeszcze obrazki sciaga :hahaha:
ale ludzie są powaleni widze że chyba grałeś w gierki
przeciez to cos sprawdza czy ci chyba flash pracuje

mój wyrok

to główno nie exploit
 