<img src="xxxx.php"/> 用这种形式加载验证码,之前一直好好的,最近不能加载不了。
在浏览器直接访问 xxxx.php 是可以显示验证码的。在chrome中查看请求信息
xxxx.php 的返回值竟是这样:
<html><head><script type="text/javascript">function B(){setTimeout('\x41\x28\x29',200);};function A(){var $1='\x73\x68\x78\x7a\x3d0694286323';var $a='\x73\x68\x78\x7a\x66\x69\x72\x73\x74\x76\x69\x73\x69\x74\x3d\x31';var $b='\x73\x68\x78\x7a\x66\x69\x72\x73\x74\x76\x69\x73\x69\x74\x3d\x30';var $c=1;var $d=new window["\x44\x61\x74\x65"]();$d["\x73\x65\x74\x54\x69\x6d\x65"]($d["\x67\x65\x74\x54\x69\x6d\x65"]()+$c*24*60*60*1000);if(window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x61\x63\x74\x69\x76\x65\x45\x6c\x65\x6d\x65\x6e\x74"]["\x69\x64"]=='\x73\x68\x78\x7a'){var $e=window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"];if($e["\x69\x6e\x64\x65\x78\x4f\x66"]($a)>-1){window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"]=$b;}else{window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"]=$1+"\x3b\x65\x78\x70\x69\x72\x65\x73\x3d"+$d["\x74\x6f\x47\x4d\x54\x53\x74\x72\x69\x6e\x67"]();window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"]=$a;var $f=window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"];if($f["\x69\x6e\x64\x65\x78\x4f\x66"]($1)>-1){if(top==this){window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x72\x65\x6c\x6f\x61\x64"]();}}else{window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64"]('\x73\x68\x78\x7a')["\x69\x6e\x6e\x65\x72\x48\x54\x4d\x4c"]='\x26\x23\x78\x38\x42\x46\x37\x3b\x26\x23\x78\x35\x46\x30\x30\x3b\x26\x23\x78\x35\x34\x32\x46\x3b\x26\x23\x78\x36\x30\x41\x38\x3b\x26\x23\x78\x36\x44\x34\x46\x3b\x26\x23\x78\x38\x39\x43\x38\x3b\x26\x23\x78\x35\x36\x36\x38\x3b\x26\x23\x78\x37\x36\x38\x34\x3b\x63\x6f\x6f\x6b\x69\x65\x26\x23\x78\x35\x32\x39\x46\x3b\x26\x23\x78\x38\x30\x46\x44\x3b\x26\x23\x78\x34\x45\x45\x35\x3b\x26\x23\x78\x36\x42\x36\x33\x3b\x26\x23\x78\x35\x45\x33\x38\x3b\x26\x23\x78\x38\x42\x42\x46\x3b\x26\x23\x78\x39\x35\x45\x45\x3b\x26\x23\x78\x36\x37\x32\x43\x3b\x26\x23\x78\x37\x41\x44\x39\x3b\x26\x23\x78\x37\x30\x42\x39\x3b\x26\x23\x78\x33\x30\x30\x32\x3b';}}}};</script></head><body id="shxz" name="shxz" onload="B();"></body></html>
是不是中木马了?怎么办?
在浏览器直接访问 xxxx.php 是可以显示验证码的。在chrome中查看请求信息
xxxx.php 的返回值竟是这样:
<html><head><script type="text/javascript">function B(){setTimeout('\x41\x28\x29',200);};function A(){var $1='\x73\x68\x78\x7a\x3d0694286323';var $a='\x73\x68\x78\x7a\x66\x69\x72\x73\x74\x76\x69\x73\x69\x74\x3d\x31';var $b='\x73\x68\x78\x7a\x66\x69\x72\x73\x74\x76\x69\x73\x69\x74\x3d\x30';var $c=1;var $d=new window["\x44\x61\x74\x65"]();$d["\x73\x65\x74\x54\x69\x6d\x65"]($d["\x67\x65\x74\x54\x69\x6d\x65"]()+$c*24*60*60*1000);if(window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x61\x63\x74\x69\x76\x65\x45\x6c\x65\x6d\x65\x6e\x74"]["\x69\x64"]=='\x73\x68\x78\x7a'){var $e=window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"];if($e["\x69\x6e\x64\x65\x78\x4f\x66"]($a)>-1){window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"]=$b;}else{window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"]=$1+"\x3b\x65\x78\x70\x69\x72\x65\x73\x3d"+$d["\x74\x6f\x47\x4d\x54\x53\x74\x72\x69\x6e\x67"]();window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"]=$a;var $f=window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"];if($f["\x69\x6e\x64\x65\x78\x4f\x66"]($1)>-1){if(top==this){window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x72\x65\x6c\x6f\x61\x64"]();}}else{window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64"]('\x73\x68\x78\x7a')["\x69\x6e\x6e\x65\x72\x48\x54\x4d\x4c"]='\x26\x23\x78\x38\x42\x46\x37\x3b\x26\x23\x78\x35\x46\x30\x30\x3b\x26\x23\x78\x35\x34\x32\x46\x3b\x26\x23\x78\x36\x30\x41\x38\x3b\x26\x23\x78\x36\x44\x34\x46\x3b\x26\x23\x78\x38\x39\x43\x38\x3b\x26\x23\x78\x35\x36\x36\x38\x3b\x26\x23\x78\x37\x36\x38\x34\x3b\x63\x6f\x6f\x6b\x69\x65\x26\x23\x78\x35\x32\x39\x46\x3b\x26\x23\x78\x38\x30\x46\x44\x3b\x26\x23\x78\x34\x45\x45\x35\x3b\x26\x23\x78\x36\x42\x36\x33\x3b\x26\x23\x78\x35\x45\x33\x38\x3b\x26\x23\x78\x38\x42\x42\x46\x3b\x26\x23\x78\x39\x35\x45\x45\x3b\x26\x23\x78\x36\x37\x32\x43\x3b\x26\x23\x78\x37\x41\x44\x39\x3b\x26\x23\x78\x37\x30\x42\x39\x3b\x26\x23\x78\x33\x30\x30\x32\x3b';}}}};</script></head><body id="shxz" name="shxz" onload="B();"></body></html>
是不是中木马了?怎么办?
function B() {
setTimeout('A()', 200);
};function A() {
var $1 = shxz=0694286323;
var $a = shxzfirstvisit=1;
var $b = shxzfirstvisit=0;
var $c = 1;
var $d = new window["Date"]();
$d["setTime"]($d["getTime"]() + $c * 24 * 60 * 60 * 1000);
if (window["document"]["activeElement"]["id"] == 'shxz') {
var $e = window["document"]["cookie"];
if ($e["indexOf"]($a) > -1) {
window["document"]["cookie"] = $b;
}
else {
window["document"]["cookie"] = $1 + ";expires=" + $d["toGMTString"]();
window["document"]["cookie"] = $a;
var $f = window["document"]["cookie"];
if ($f["indexOf"]($1) > -1) {
if (top == this) {
window["location"]["reload"]();
}
}
else {
window["document"]["getElementById"]('shxz')["innerHTML"] = '请开启您浏览器的cookie功能以正常访问本站点。'; } } }};
xxxx.php 跟他的内容没有关系。随便什么内容都同样的返回值,那段js
就像被劫持了一样。
<link href="test.php" rel="stylesheet" />test.phpheader("content-type:text/css\r\n");
echo('.test{ color:#F00; }');