{"id":147,"date":"2009-03-02T17:11:18","date_gmt":"2009-03-02T17:11:18","guid":{"rendered":""},"modified":"2011-04-25T08:38:24","modified_gmt":"2011-04-25T08:38:24","slug":"iframe%e7%9a%84%e9%98%b2%e6%8f%92%e7%a0%b4%e8%a7%a3","status":"publish","type":"post","link":"https:\/\/www.inbreak.net\/archives\/147.html","title":{"rendered":"iframe\u7684\u9632\u63d2\u7834\u89e3"},"content":{"rendered":"

\u770b\u4e86Monyer\u7684\u6587\u7ae0\uff1a<\/p>\n

\u300aiframe\u7684\u9632\u63d2\u4e0e\u5f3a\u63d2\uff08\u4e8c\uff09\u300b<\/div>\n
http:\/\/hi.baidu.com\/monyer\/blog\/item\/108c718d9aedcf15b21bba56.html<\/a><\/div>\n
 <\/div>\n
\u4ee3\u7801\u5982\u4e0b\uff1a<\/div>\n
 <\/div>\n
\n
\n
JavaScript\u4ee3\u7801<\/div>\n
    \n
  1. <script>   <\/span><\/span><\/li>\n
  2. window.onload = <\/span>function<\/span>(){   <\/span><\/li>\n
  3. if<\/span>(top!=self){   <\/span><\/li>\n
  4.    <\/span>var<\/span> f = document.createElement(<\/span>"form"<\/span>);   <\/span><\/li>\n
  5.    f.action=location;   <\/span><\/li>\n
  6.    f.target=<\/span>"_parent"<\/span>;   <\/span><\/li>\n
  7.    document.body.appendChild(f);   <\/span><\/li>\n
  8.    f.submit();   <\/span><\/li>\n
  9. }   <\/span><\/li>\n
  10. };   <\/span><\/li>\n
  11. <\/script>  <\/span><\/li>\n<\/ol>\n<\/div>\n<\/div>\n

    \u5f3a\u5236\u63d0\u4ea4\uff0c\u6211\u4ed4\u7ec6\u770b\u4e86\u8fd9\u7bc7\u6587\u7ae0\uff0c\u540e\u6765\u5b9e\u8df5\u4e86\u4e0b\uff0c\u53d1\u73b0\u4e24\u4e2aonload\uff0c\u540e\u9762\u7684\u4f1a\u8986\u76d6\u524d\u9762\u7684onload\u3002<\/p>\n

    \u5e76\u4e14\u9632\u5fa1\u4ee3\u7801\u4e2d\u5728\u64cd\u4f5c"body"\u3002<\/p>\n

    \u6240\u4ee5\u8fd9\u6bb5\u4ee3\u7801\u4e00\u5b9a\u662f\u5e94\u7528\u4e8e\u9875\u9762\u6700\u4e0b\u9762\u3002<\/p>\n

    \u518d\u770b\u4e86\u770b\u4e4b\u524d\u7684<\/p>\n

    \u300aiframe\u7684\u9632\u63d2\u4e0e\u5f3a\u63d2\u300b<\/p>\n

    http:\/\/hi.baidu.com\/monyer\/blog\/item\/1551b68f453f78e9f11f3667.html<\/a><\/p>\n

    \u53d1\u73b0\u653b\u51fb\u8005\u81f3\u5c11\u53ef\u4ee5\u63a7\u5236\u4e00\u6bb5JS\uff0c\u6240\u4ee5\u624d\u53ef\u4ee5“\u5f3a\u63d2”\u3002<\/p>\n

    \u6700\u540eMonyer\u7ed9\u51fa\u4e86\u4e00\u4e2a\u65b9\u6848\u3002<\/p>\n

    \u4e0d\u8fc7\u4ed4\u7ec6\u770b\u770b\uff0c\u8fd8\u662f\u6709\u5f88\u5927\u95ee\u9898\u7684\u3002<\/p>\n

    \u6628\u665a\u5728YY\uff0cJS\u91cc\u6709\u4e2aSLEEP\u8fd9\u4e2a\u51fd\u6570\uff0c\u8ba9\u540e\u9762\u7684\u4ee3\u7801\u7b49\u4e0a“\u534a\u5e74”\u624d\u6267\u884c\uff0c\u90a3\u4ed6\u7684\u65b9\u6848\u5c31\u5931\u6548\u4e86\u3002<\/p>\n

    \u4e8e\u662f\u6d4b\u8bd5\uff0c\u5c45\u7136\u6210\u529f\u4e86\u3002<\/p>\n

    \u65e9\u4e0a\u548c\u5927\u5bb6\u804a\u8fd9\u4e2a\u4e8b\u60c5\uff0c\u88ab\u72e0\u72e0\u7684\u6253\u51fb\u4e86\u4e0b\uff0c\u539f\u6765JS\u6839\u672c\u6ca1\u8fd9\u4e2a\u51fd\u6570\u3002\u3002\u3002\u90a3\u540e\u9762\u7684\u7684\u786e\u6ca1\u6267\u884c\u4e86\uff08JS\u51fa\u9519\uff09\u3002\u56e7\u3002\u3002\u3002<\/p>\n

    \u7ecf\u8fc7\u4ed4\u7ec6\u7814\u7a76\uff0c\u7ec8\u4e8e\u60f3\u5230\u4e86\u7834\u89e3\u7684\u65b9\u6cd5\u3002HOOK\u3002\u3002\u3002<\/p>\n

    \u770b\u4ee3\u7801\uff0c\u6211\u628amonyer\u7684\u4ee3\u7801\u653e\u8fdb\u53bb\uff0c\u7136\u540e\u4e0d\u8ba9\u4ed6\u6267\u884c\u987a\u5229\u3002<\/p>\n

    \n
    JavaScript\u4ee3\u7801<\/div>\n
      \n
    1. <head>   <\/span><\/span><\/li>\n
    2. <\/head>   <\/span><\/li>\n
    3. <body>   <\/span><\/li>\n
    4. \u5475\u5475\u3002\u3002\u3002   <\/span><\/li>\n
    5.   <\/span><\/li>\n
    6. <\/body>   <\/span><\/li>\n
    7. <script>   <\/span><\/li>\n
    8.   <\/span><\/li>\n
    9. document.createElement = <\/span>function<\/span>(test)   <\/span><\/li>\n
    10. {   <\/span><\/li>\n
    11.     <\/span>var<\/span> f  =  <\/span>new<\/span> Object();   <\/span><\/li>\n
    12.        f.action=location;   <\/span><\/li>\n
    13.        f.target=<\/span>"_parent"<\/span>;   <\/span><\/li>\n
    14.           <\/span><\/li>\n
    15.        f.submit = <\/span>function<\/span> (){};   <\/span><\/li>\n
    16.        <\/span>return<\/span> f;   <\/span><\/li>\n
    17. }   <\/span><\/li>\n
    18. document.body.appendChild = <\/span>function<\/span>(test){}   <\/span><\/li>\n
    19.   <\/span><\/li>\n
    20. window.onload = <\/span>function<\/span>(){alert(1);}   <\/span><\/li>\n
    21.   <\/span><\/li>\n
    22. \/\/—————————-\u4e0b\u9762\u662fMonyer\u7684\u65b9\u6cd5\u3002\u539f\u6837copy\u3002 <\/span>  <\/span><\/li>\n
    23. window.onload = <\/span>function<\/span>(){   <\/span><\/li>\n
    24. if<\/span>(<\/span>top!=self<\/font><\/span>){   <\/span><\/li>\n
    25.    <\/span>var<\/span> f = document.createElement(<\/span>"form"<\/span>);   <\/span><\/li>\n
    26.    f.action=location;   <\/span><\/li>\n
    27.    f.target=<\/span>"_parent"<\/span>;   <\/span><\/li>\n
    28.    document.body.appendChild(f);   <\/span><\/li>\n
    29.    f.submit();   <\/span><\/li>\n
    30. }   <\/span><\/li>\n
    31. };   <\/span><\/li>\n
    32. \/\/\u5e7f\u544a\u65f6\u95f4http:\/\/inbreak.net <\/span>  <\/span><\/li>\n
    33. alert(<\/span>‘hackedbykxlzx’<\/span>);   <\/span><\/li>\n
    34. <\/script>   <\/span><\/li>\n<\/ol>\n<\/div>\n

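      \u505a\u4e00\u4e2a\u7c7b\uff0cHOOK\u6389\u8fd9\u4e2a\u65b9\u6cd5\u91cc\u6240\u6709\u7528\u5230\u7684\u4e1c\u897f\u3002\u3002\u3002\u563f\u563f\u3002\u3002\u3002\u540c\u65f6\u4fdd\u8bc1\u540e\u9762\u7684JS\u6b63\u786e\u6267\u884c\u3002\u539f\u56e0\u662f\u8fd9\u6bb5\u811a\u672c\u5148\u4e8e\u9632\u5fa1\u4ee3\u7801\u6267\u884c\uff0c\u9632\u5fa1\u4ee3\u7801\u7528\u5230\u7684createElement\u3001appendChild\u548csubmit\u90fd\u5df2\u7ecf\u88ab\u66ff\u6362\u6389\u4e86\uff1b\u6240\u4ee5\u9632\u63d2\u4e0d\u80fd\u53ea\u9760\u9875\u9762\u811a\u672c\uff0c\u8fd8\u8981\u914d\u5408X-Frame-Options\u4e4b\u7c7b\u7684\u54cd\u5e94\u5934\u3002<\/p>\n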

       <\/p>\n","protected":false},"excerpt":{"rendered":"

      \u770b\u4e86Monyer\u7684\u6587\u7ae0\uff1a<\/p>\n

      \u300aiframe\u7684\u9632\u63d2\u4e0e\u5f3a\u63d2\uff08\u4e8c\uff09\u300b<\/div>\n
      http:\/\/hi.baidu.com\/monyer\/blog\/item\/108c718d9aedcf15b21bba56.html<\/a><\/div>\n