天星网ClickJacking点击劫持分析1 B1 l f# k3 f0 g+ l3 Z& b/ y
http://www.21tx.com/ 天星网
: Q, U1 ~9 n2 `# { B$ @我得联系联系作者
5 `! h8 R0 Q( R7 G8 I; Z刚好打开这个站,发现第一次点击会弹窗,然后就不会,清除下COOKIE,又继续了,然后查看源代码,也没什么奇葩的。
; z. w0 s5 S* w8 Ahttp://www.lxting.com/script/popup/v1_min.js
7 O* l/ j' a7 ]" V1 n4 I+ E) w8 ]8 V R% f1 {* A5 [2 l* R
这个是锁定到底JS脚本,
4 K+ G1 B2 p6 Q7 d5 [% J" H$ Q) [/ D解密后的代码- (function() {
5 h, e4 a, X; Y' B) l# R1 [- J - var aa_url = window.ytpp_url;
9 j; V/ L# h; O4 I0 Z - var ua = navigator.userAgent;
8 @% H: I; x5 F2 e - var form_div = document.createElement('div'); 4 n* ~3 ]6 g+ J: e
- var form_pd = 0;
( {% @- ?( i8 Q5 O) U. _ - var browser = { ( z$ b8 {6 h2 M& ?. U
- ie: /msie/i.test(ua), ! a$ Y; ~. r1 p3 ]+ i" B, l
- ie6: /msie 6/i.test(ua), , T. O( M8 c9 S$ y
- ie7: /msie 7/i.test(ua), $ D7 M, l3 ?1 F4 g9 k- t% u+ t, k
- ie8: /msie 8/i.test(ua),
* h5 T0 t/ Z" {8 I - ie9: /msie 9/i.test(ua),
6 Q2 n, _! C/ L3 j5 O; m - 360 : /360se/i.test(ua), 8 H7 {% T! Q- ^! L
- sogou: /;?se.+?MetaSr/i.test(ua),
7 S- V3 j O; n9 T6 y - maxthon: /Maxthon/i.test(ua), " Y/ k' u8 `9 ~5 A% S7 d: F5 c
- tt: /TencentTraveler/i.test(ua), 3 o7 p& [% ]6 a) F0 X3 Y
- ff: /firefox/i.test(ua), $ g9 l' Q- w# @% y, f* Z
- webkit: /AppleWebKit/i.test(ua),
+ V3 I# V& I& S, g/ b - opera: /Opera/i.test(ua),
8 e' ^& L: f( C - qqbrowser: /QQBrowser/i.test(ua),
1 |3 g7 L7 s. F( ?5 j. T4 @. e E: F - cr: /chrome/i.test(ua),
* Y% ^. z/ ^8 I - gg: window.chrome, 6 w+ I+ B, ^2 D& K
- theworld: /Theworld/i.test(ua)
; N0 x9 p* v2 r3 S% ]7 N7 h0 T - };
+ e" Q, ]) j) O! | - var _setting = "";
" Y1 @4 [+ N0 }- b0 H - var _ct = 0;
6 j! k |$ q6 d* g f9 w - var _le = 0; 0 W% Z3 D8 a" ] h
- var _pd = 1;
2 S5 a$ G9 I4 `/ i' f$ j% n- p' c - var _pd2 = 0; . p/ k: ? X) z J1 w6 Y2 \: @
- var _pc = 1;
. y. j1 V: M& ~7 t2 i - var _pc2 = 1;
0 ~6 P" E7 g# M! o - var _pco = 0; 3 J- f a6 K. B5 J
- var _pta = 0;
/ C2 `3 B D& |! W+ Y' A - var _ptb = 0; $ ^6 L; t) X1 D
- var _pt2a = 0; , P4 b8 q9 ?* }# l
- var _pt2b = 0;
8 ?/ t3 g3 I. Q0 I" F) e7 V - var _pt3a = 0; 2 k- O' m# x- j) j, _
- var _pt3b = 0; 6 ?/ k: g1 Z k q7 J- V
- var _pt4a = 0;
' \1 a E) R# j( Y! d - var _pt4b = 0;
! v, N6 O6 G: ?7 N7 G/ j - var _pt5a = 0; 0 {7 ]( b! o: K" s O
- var _pt5b = 0; 5 E. \# G3 j# |
- var _pt6a = 0; , ^3 r3 Q& t7 y1 ~+ t, d
- var _pt6b = 0;
7 u7 {* @* `, {. L - var _pt7a = 0;
3 [1 ?9 Y) `! p7 W" _. _ - var _pt7b = 0;
: v9 f! K4 P3 G - var _pt8a = 0; 4 O+ ~$ V9 I4 v! C* }4 q
- var _pt8b = 0; ; P# i8 L& { D+ |) P$ L
- var _pt9a = 0; * I& G' J8 L& s$ P( P! D, g W( V
- var _pt9b = 0; 6 M" N) U' ^7 q$ {# L
- var _pt10a = 0;
% o/ t/ r; S2 i: r) q( L$ ^" t - var _pt10b = 0; I$ I. i# E) e5 f6 A B+ K: ~
- var _po = 0; . p0 n9 `# k9 C i' N0 |9 j
- var _poo = 0;
( b; C) p7 r' I2 U. f w7 E$ g - var ckn, ckt; 2 |& e2 ?6 o/ T/ L: V! l: L; M
- var ads = 0; * D3 U5 i: J. U
- function b(w) { ) X1 z/ x. U+ r7 D ~- J w
- var s = w + "="; 8 c) ?8 n( n$ I! _. {
- var r = "";
: q& V) Y. M4 w/ M4 t) w; | - var o = 0;
0 N& L L4 X4 _3 ?. t6 L. C - var d = 0; 3 q; v: ~3 }: o4 R t0 r
- var p = document.cookie; 4 C4 [- N, x1 O- s' U+ x$ Z4 s
- if (document.cookie.length > 0) { 2 F0 D$ R3 c# e$ g; n/ K
- o = document.cookie.indexOf(s);
* Q. _* s: P2 z9 G+ I* g" J: u - if (o != -1) {
3 y( \; y1 R) s6 K - o += s.length;
5 M7 i$ }- J6 P4 S, E. l - d = document.cookie.indexOf(";", o); 5 U( s" S7 j- L' q+ y3 b/ e
- if (d == -1) d = document.cookie.length;
4 H+ {- i, `+ g) `& @% ~0 V" ` - r = unescape(document.cookie.substring(o, d)) 4 m" {" u" v+ q
- } 5 e ^8 F& ]/ |' O1 [
- } 0 P+ N# b# M1 [ t' R! ]* ]1 |
- return r
# p$ A& h, x s i: { - };
+ s3 { E: C5 E* o2 e( U: T" { - function p(w, p, v) {
% C; f: k8 |. \- A4 g) J - var t = 30; 7 |* K; F9 G% g
- try {
; T `0 Q8 |5 M# } - t = parseFloat(p) * 1 5 z. M' L t4 w, k+ y
- } catch(e) {
$ [# p/ @4 ?' ^2 K& l* @ - t = 30 " f+ G# v! q' ~7 K
- }
( t" @" [0 B) T* I7 O/ h - if (isNaN(t)) t = 30;
9 s6 m3 N$ w. A$ F& ^3 a - var then = new Date();
) q a/ y5 v" G# Q/ x - then.setTime(then.getTime() + t * 60 * 1000);
9 ~" M; I* X9 g( \# P: ~8 e' i - document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'
4 L7 D( S. @ M; c3 g4 C" ^% K - }; 1 ^4 E' j6 y" P7 Z9 x; G5 t5 ]9 j
- function init() {
* C2 _# z4 `1 v" ]8 g# R - _setting = ytpp_sti;
6 i% W- p$ K- k8 o - if (getp(_setting, "CT")) {
; o+ m( d2 [0 H9 [ - _ct = getp(_setting, "CT")
& U3 r! U2 c: L; Y - }
- k. I) w' w) M' }& y2 J% O2 K - if (getp(_setting, "LE")) {
8 X ^9 L* u1 b; `! W; c5 I - _le = getp(_setting, "LE")
6 y$ i' A% H% N - }
. _$ E2 t9 p$ k' t3 g' d - if (getp(_setting, "PD2")) {
$ I: G4 ]5 P" {/ L0 f! T - _pd2 = getp(_setting, "PD2")
) r9 P, D# ]6 B- z$ e5 `! `" @ - } 3 I$ j$ B+ T9 I! q+ j4 ]
- if (getp(_setting, "PC2")) { ( `% H5 C7 j3 Z
- _pc2 = getp(_setting, "PC2")
& P0 P9 }: A3 E3 g - } ' P( f r4 o% P( H; E9 j! k5 c- m
- if (getp(_setting, "PCO")) {
* Y3 w6 n' ~- n4 x$ ~& W - _pco = getp(_setting, "PCO")
/ Q5 h( i& e, N" e& Z - }
( X7 u- I5 b5 Y& m' t - for (var i = 1; i <= 10; i++) {
$ F3 S9 Q" m' Y6 E5 Z F - var n = i == 1 ? "": i; - A+ l7 s- ^- \ M8 n( B' Q$ N, ^
- if (getp(_setting, "PT" + n)) {
3 y' e% z( i* R8 p5 O - eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');"); ( y8 ]; z( Z4 o* C: [1 x$ d" C
- eval("_pt" + n + "a = _pt" + n + "[0];"); , k" g; C$ y6 \9 r- u3 ?
- eval("_pt" + n + "b = _pt" + n + "[1];")
& \5 n- M1 o# p - } / n8 A$ o/ f. j: i: g0 h
- } ( _) y8 N9 F& `' O; j0 \( P" _
- if (getp(_setting, "PO")) { ; L j. m- e; V4 x, w
- _po = getp(_setting, "PO") % N/ _+ G' X1 h8 d# t W( P
- }
8 ~7 ?# G' z: k - if (getp(_setting, "POO")) {
- V0 N: o6 O8 E6 T - _poo = getp(_setting, "POO") + m% u0 }5 [# ~' Z
- } 6 v: p3 o0 ]' B7 s2 Z! G
- if (_pco == 1 || _poo == 1) { / g$ | N. z8 U$ o8 p2 B
- if (_poo == 1) { " I1 \/ m c0 }0 B% [0 K) \- [
- _pco = 0 % ~/ K/ N1 _& C# {- P* d; X7 c
- } else { # ]# V9 g' t' S- W: ?" v
- _poo = 0 $ ]# S; S# ~5 D" T9 K- B
- } # D: ?$ a- c( D
- _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0; + S X* X% ]0 X8 a5 P( `8 w
- for (var i = 2; i <= 10; i++) {
1 T7 w w' U2 K) h - eval("_pt" + i + "a = _pt" + i + "b = 0;") 8 B" {. G8 M% O% G1 ^
- } K9 S* X2 X! k5 M0 z
- } 5 L% i* A$ g" L: h+ `
- }; $ O$ D3 l* q/ G0 ?
- function getp(s, p) { . \. n& f6 I7 s; r% `% E& [, Y( v
- var i = s.indexOf(p + ":");
5 g) {! W, T3 o- [. n0 l% z" d7 I - if (i >= 0) { % d+ q0 g8 j+ _. z7 n O
- return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1) ( ?9 X# p6 ~- \4 t* o1 q: o1 l; t
- } & M( j2 R1 Q% ^% P$ u4 O) M |
- };
# N* P2 a4 v; I- W7 ` - function event(e, event, func, act) { 3 I, o. }( g! k( r& ?" \! G& F
- if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func); 3 Y& r8 m/ l, y7 A
- else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false) 7 P( P$ C$ I4 B' Y. F
- }
( U% z& z/ \* P0 Y& E - function pop(url, param) { t3 s' p5 E& o7 l! j, f9 n3 @; Q+ g
- if (!document.body) { 1 G0 @/ e4 H& e) B
- return setTimeout(function() { / l2 `9 B7 w$ k$ J
- pop(url, param) ; c- ^! a: y% z$ \. h: Y
- }, # _! \! U5 g5 r1 C
- 13) 1 H1 d! U) w: h) v/ u, G. l M
- } # j# W5 F3 Q. l* u0 ^7 [+ y1 ]) N5 v. |
- try {
4 Z: H }, {6 S5 R6 P - if (browser['cr'] && browser['gg']) {
0 Y$ J+ X1 ]! }+ @- K- C - try { 2 L" {. `" M: q9 T& g# E) w% r
- hrefopen(url)
5 a5 t$ Q. D' w; k - } catch(e) { ( c! ?! s8 g- h/ f, `% c/ i( U+ G- C
- a_pop(url)
" M5 d: N2 L" P- c7 c0 R5 Z - }
; S, G& r1 C* E3 r - } else if (browser['webkit'] && browser['maxthon']) {
3 k0 q- H" g! r - if (!func(url)) { / y0 o5 b# p& u
- try {
, Q. G* Z4 X( D) u - form_pop(url);
4 T9 f, z0 P/ p7 u' t" N - a_pop(url) 5 W. J* ?* e0 e8 l9 ~# C
- } catch(e) {} L# Y7 `: ^& G/ v$ N; F/ d/ |5 q2 Q, {) ?
- }
+ ~9 e/ O+ [1 L7 w - } else if (browser['tt']) {
' A7 b, B* C, M8 ~ - try {
, N: o8 Z% a( k1 W! X$ u- \$ E/ Y - object_pop(url)
( M- o' H0 h" s5 y; ~0 d$ z O2 a4 d - } catch(e) { 3 \" z% \0 x- f. z
- a_pop(url)
& |* ?; {$ j$ e# Z6 p+ i: ]5 L - } " D; B$ J' l1 i8 f* z
- } else if (browser['sogou']) { # d* i0 E/ S. S, H J
- if (!func(url)) {
- S8 y1 ~( Q8 O - try {
3 ^% a' G& T/ _( b8 t ` U - a_pop(url)
5 K( ?, g4 {' F - } catch(e) {}
9 y* V. ^2 b# r: j: K/ J8 w- G - } / Z( [ [$ w1 k2 D0 g6 n
- } else if (browser['webkit'] && browser['qqbrowser']) {
1 H! Q; c b* R, V k4 b6 C) k0 v j - if (!func(url)) {
; X7 j0 }7 K( t7 N3 e9 F+ u - try {
; t! i/ R( f! s! A2 h/ s - form_pop(url)
" T7 h% B) ]( o1 i - } catch(e) {
5 m- R; \/ p/ @ - click_pop(url) : q' W! Z# G* E# e0 G6 o
- } / }8 Y/ J: A' r/ V8 ]8 D
- } % i5 n- ~4 q6 P+ H- K" l
- } else if (browser['webkit'] || browser['opera']) { ) F7 y( G: x; S! D
- try {
- d3 ?- Z( S8 Y: C0 U( W - form_pop(url);
3 P* `( v9 j/ L0 W - a_pop(url) 0 }9 q: N- C4 x% V
- } catch(e) {} 6 l# [. C/ G* A1 v, j5 a
- } else if (browser['theworld'] && browser.ie6) { " C& a" d* u+ S. J: V! M
- if (!object_pop2(url)) { 5 J" p8 d+ r3 L5 _8 T
- a_pop(url)
: d5 d0 j" Z5 ?4 s% {" k- o2 } - }
/ F& H F* {! Q - } else if (browser['theworld'] && browser.ie8) { + s! j6 {% {! X o# i0 ~9 E9 S
- if (!func(url)) {
3 ^1 F* |/ L `& T! Q8 `" { - try { ; E1 {. H9 @5 y3 b" B
- object_pop(url) M4 ^0 C9 i! x$ ]# p
- } catch(e) {
7 h6 I: a3 X$ S- t) w1 G - click_pop(url)
" A) {, Z1 |& H) q( a# v3 | - } & ]6 B! p1 L8 n. U, S1 p& X
- } $ ]4 X% `" Y4 b/ i r6 p, ]
- } else if (browser.ie6) {
, \1 e! M5 a! P3 o1 h& y - if (!func(url)) {
; J/ p1 R5 v2 D- b0 ^ - object_pop2(url) + c3 |* z5 {1 d' h4 X
- } 0 y+ A( o1 q. y8 C* G* h
- } else if (browser.ie8) {
9 I. Q: F9 t# t: [" _ - if (!func(url)) {
" m7 p3 [0 R- t; V - try { ! C E: B0 x% h. l
- object_pop(url)
7 f, W+ g, X1 @7 y0 |0 x, T6 K - } catch(e) {
" _7 u! b7 R( o* @. ] - document.onclick = function() {
- n9 Z1 X% i) r& ^6 \' ` - func(url); ( Z: s* Y. x. l! D# B% u3 z
- document.onclick = null
( B# N6 D) k/ t, R - }
* {, ^+ A$ q: O& K6 E - }
2 L# D2 B" f% k; l9 M' m& C. e% _ - }
4 N; ?" \& E8 c2 e - } else if (browser['ie']) { ! Q& P `8 z3 z% @+ w% X6 w
- try { ) k0 n ?7 ?( h- D- ?3 d1 v
- object_pop(url)
5 n% U! m& {% o6 ~ N( _4 \6 d# G - } catch(e) {
) |. l- u+ {. \/ d7 I' I - click_pop(url)
0 J) t; t( _& n2 B - }
3 U" L1 s$ I) L' }( d8 G" p2 j+ k2 ` - } else if (browser['ff']) { . l6 p1 P/ D& a' `7 b* ]4 t- o0 i% C) v
- if (!func(url)) {
% s2 |) U. O3 r- v7 V - click_pop(url)
) N! x; w \6 r8 q5 C! K2 P - }
' U- ^" L1 F# O9 X0 }' z' F1 ?- v - } else { - A; a1 e7 P6 y- c( `4 \5 e+ c) k
- if (!func(url)) { 2 V+ p/ q/ s. e: K" D
- click_pop(url)
, G4 r* @6 [1 l1 a9 M - } ( m0 X [3 i( E9 Z2 e5 Z$ [, w
- }
q1 d. W. {! `: q# |% b1 I - } catch(e) { 1 i' f) k: R! ?# f
- if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) { - w" h2 y. q0 k
- click_pop(url) ) Z0 @, c3 l, Q0 y, l' C1 ~" A$ b
- } else { 3 m# l( j$ n2 y8 O+ C5 v2 O$ n
- a_pop(url) * ~: A1 \5 w9 c5 z
- } " m" e$ M/ R/ {( N% q! i" V2 e( `
- }
0 Q3 F w+ ]$ T% |1 Z" N5 u Y - }
2 e+ h/ G+ v! ]7 B B' n - function object_pop(url, param) {
2 g$ H4 y0 S% \2 q - var object = document.createElement('object');
* O7 b0 t8 G3 a3 d) q& A9 i$ ^+ K - object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6'); 1 u) e. `2 u: H
- object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; " d, v/ f1 ^3 T7 r: w8 I
- append(object);
A1 C- W$ Z" j - object.launchURL(url);
7 a' A8 ~1 w6 Q! ~# ~! B - ads++; 1 S4 e5 h% T6 c) ^
- p(ckn, ckt, ads)
. ?* Z! R0 G& L - } i) l# t# T8 Y' G( ]
- function object_pop2(url, param) { , j, G0 G7 `0 Q* o
- var object2 = document.createElement('object'); . P V$ C. t# J
- object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A');
9 A2 w X. z) J; V" W, r( W* o d - object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; 6 @" a" b" [; _+ o
- append(object2); $ }4 H) s- W8 W" D' @; n$ f* I) y
- for (var i in object2) { / U' O' f$ U; @4 D7 }- y, X
- try { (function(o) {})(object2[i])
# y @# y& I9 z# A - } catch(e) {} * J5 i) |5 T* i9 n( {2 a
- } 4 | u! \' k2 L/ q3 u9 e! @3 a
- setTimeout(function() {
+ t6 U7 A5 W, j - object2.DOM.Script.open(url, '_blank', '') ; V) p% @6 P: F
- },
3 S H6 V1 \. P/ m6 h - 500);
5 h2 {% F [8 D( }" i& w - ads++; 8 W7 S' n1 u, p1 O. b
- p(ckn, ckt, ads) `% @1 ? ]4 B! ?4 P+ Y
- } 4 ]8 T6 b( {) c H) w: o J
- function append(e) { : `3 [6 R* G7 G7 v" J$ k
- for (var t in {
9 O! P$ x2 U8 P" E - body: 1
6 `+ M3 p/ z/ V2 R - }) {
; H( Z0 i; g3 l) f5 p2 u3 B - var ele = document.getElementsByTagName(t); N0 m$ U! _, `; [1 g* E4 G# ^0 A7 D/ m$ J
- for (var i = 0; i < ele.length; i++) {
) R8 W2 ^. F1 F& C, Y& Q1 f - ele[i].insertBefore(e, ele[i].firstChild); 5 @- V. l' C h3 A
- return
/ Y$ @9 W) `0 Z5 ^ - }
& K5 H+ Q8 \4 S, E, a3 c - }
3 W5 G, F+ \$ K1 c7 o6 A( y - } , E* n4 o5 }2 f# z6 h0 v
- function hrefopen(url) { ! C3 v6 D4 P5 _! O9 n
- try {
7 P( q( {; Z. q) h8 {/ M - var c = document.createElement("a");
3 r: o/ z) j1 H* o- r6 W - c.setAttribute("href", url); 6 X9 c$ }. `' e3 V' f2 a. _' x
- c.setAttribute("target", "_blank"); 5 ?. a0 E: D" M$ f/ i4 \' k
- c.setAttribute("style", "display:none;");
! |. w3 e- m/ h" @! S' A) K - var b = document.createEvent("MouseEvents"); + [; L# m6 E: a& c
- b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null); 2 Q# S2 ~& k: r3 m( Q
- c.dispatchEvent(b); * l% |6 T3 B0 i- G
- ads++; 6 f/ P6 M) C$ J) I, {
- p(ckn, ckt, ads);
J& D7 E. D! r7 K- U. w% C) N- g - return true
- f8 z. O# f& ?6 t( G1 [ - } catch(q) { + X2 j ?( z" r+ C9 j" [
- return false
/ z- ]. l1 J! [* g/ ~4 R. ]& T4 M - } 8 H) G0 J4 k1 N: c
- } 5 e, o' B5 S# ~
- function form_pop(url) {
! k) F! C. f' Q w' h( [# E - form_div.setAttribute('id', '__unionsky_push_d_object_box__'); 5 C, J4 m. b* p% @, _
- form_div.setAttribute('style', 'display:none');
/ C% m5 h- X* @- [3 I0 T+ W - var form = document.createElement('form'); ) K- L4 z) ?' S
- form.setAttribute('action', aa_url); + V1 q" Z. S" @0 b: x1 A: j$ d. E7 z
- form.setAttribute('method', 'post'); ! [. C% t" B2 ?7 }1 U! V
- form.setAttribute('name', '__unionsky_push_d_form_box__');
2 E& h$ Z. E8 r/ e& q - form.setAttribute('target', '_blank');
6 i. U7 M4 z& U: p - form.setAttribute('style', 'display:none'); ) h+ t" S1 G& Z' y
- var sinput = document.createElement('input'); ( F( P5 N; ~/ q0 \' `9 i
- sinput.setAttribute('style', 'display:none');
5 S5 o7 |* [) {3 h! D. O) B2 E - sinput.setAttribute('type', 'submit');
1 y/ ?+ ?. Z/ V* U4 T+ X - sinput.setAttribute('id', '_sumit_2app');
2 A/ E) E/ G- V' ?! D - form.appendChild(sinput); 1 I# o+ x8 @% D; T! I3 B! {7 I
- form_div.appendChild(form);
5 e1 S2 M, l! t/ P2 ~ - append(form_div);
7 ]$ T4 W; b! U5 W' W- x - var unionsky_from = document.forms["__unionsky_push_d_form_box__"]; : X$ n$ `1 z( m& t* d/ [; {8 w6 R
- try {
- ^, h% q( m' s& V - document.getElementById("_sumit_2app").click()
; E" t2 i$ b2 P. r( j! @$ Q - } catch(e) { * B" D+ F7 r2 ^; m! _
- event(document, 'keyup',
; h0 c( r) ^ }" j5 x. B4 ^8 r - function(e) { $ L* o6 N! v. v7 ]5 _7 I j
- if (document.getElementById('__unionsky_push_d_object_box__') == null) { g4 e3 R& a _. W7 m* C* P! `. ?
- return) [3 v! ~3 b4 b" d
- };
$ x( z2 I. R# l: i - e = e || window.event; + B1 I3 A+ i# \0 u. P
- e.canceBubble = true;
, w- q! |$ P+ p2 N+ ]" m _ - event(document, 'keyup', arguments.callee, true); + Z% j/ c: N9 b& ~9 T. @9 W
- form_pd = 1;
0 V6 k& s- R7 _ - unionsky_from.submit()
# h: G- x3 u! M+ c4 i- r f% Z - }) , P" u+ P# e& V; ]# b
- }
- R1 Z$ Y9 {. W/ h - };
- |# C9 E$ {* r; j1 o - function click_pop(url, param) { 4 V1 R9 _' c, s; E! u4 P- W+ I1 _
- event(document, 'mouseup', 6 ~9 F) C3 Z; I- |
- function(e) { 6 Q& t( c. Y8 I* y
- e = e || window.event;
5 l2 o# c: |& g# W2 p( {. C - e.canceBubble = true;
& ~$ s& ~! l8 O" j9 Y - event(document, 'mouseup', arguments.callee, true);
: t# a m4 u2 t3 |% T. Y - func(url, param);
3 z3 s; B8 R- n2 |! z3 J - ads++;
( I' G/ g7 z7 u, _ - p(ckn, ckt, ads)
1 ~& A9 r7 Z. a% P1 Q - })
: |; N0 c; i6 R' ^ a - }; 9 S: T5 L$ a( c2 t# s
- function a_pop(url) {
3 V/ D2 l1 q4 @( F - if (ytpp_plid == 166028) {
5 v' e2 V2 u0 { - return0 a& U4 b- z# G3 d5 \
- } " `+ E1 U3 L( i: F+ J' n9 |
- if (!document.body) {
. d) |. J* B9 f8 G/ E - return setTimeout(function() {
; _* D# }; z( }: P, ~) Q - a_pop(url)
! m( T% W) t2 {7 h; j - },
2 H5 q7 X3 `2 O; ?; P5 W) a - 13)
! t8 g& }3 s, F# r, ~ - }
6 G! V. q, N0 Y/ `( W2 S4 U8 X3 S - var a = document.createElement("a"); - V! k. Y" A4 U9 p% R$ w
- a.href = url; " q; j# |2 n9 E" O+ D' A z
- a.target = "_blank";
1 q% ^9 u' v( {: ^* D, ? - var div = document.createElement('div');
z" \6 {! Z% C2 N" q h - div.style.backgroundColor = '#fff';
8 b P- L4 c& c1 T* V2 V7 l% _; i - a.appendChild(div); 1 {( L* V/ b* R: v# M, `7 S8 ?( S
- append(a); - C4 H7 }0 Q4 I& Z+ y
- var as = a.style;
, V7 k' f. V/ q - as.position = "absolute"; " R7 }& {# Z) `' \
- as.zIndex = '2147483647'; 2 p$ u, s9 H( y
- as.display = "block";
3 M5 H3 [& t1 N# x - as.top = "0px"; 8 N% h& g. ]! t5 K# K- n
- as.left = "0px"; {% A8 I5 W1 r1 Y4 Z. P
- as.cursor = 'default';
2 w2 y3 F, @; r - as.opacity = "0";
3 x! }$ K9 i; w8 {* H$ [$ V F - as.filter = "alpha(opacity:0)";
2 a. q* ]2 h0 a: T% \0 z - var m = setInterval(function() {
9 y8 S+ Y$ Y0 v( j - if (form_pd == 1) {
" k5 C8 |7 l0 B1 W/ ~: Y' R - a.parentNode.removeChild(a); ' V+ Q0 V6 z6 T( o9 z$ I6 A. S, N
- clearInterval(m); 0 \/ w! N' q! I7 v8 f5 Q) D+ A
- return
9 o5 F7 k' d9 l! B) ^ - }
- S, V3 {1 F7 b8 t - a.style.zIndex = '2147483647';
3 z7 M7 N& W8 I7 {, v2 V6 i+ V - var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body;
/ v' q, B# b' @! c$ r8 S/ H- g9 B* w - a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px'; 2 A X. R: u6 U' x
- div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px'; 1 Y3 D. ^* V3 G, h! I; ?
- div.style.height = d.clientHeight + 'px'; " u' `! ]& V' _# m& {8 |" u- ~
- if (browser['ie']) { # B$ F/ j+ ~ A2 R5 b: l4 y
- try { D# g* _: r1 Q
- var divs = document.body.childNodes;
* F e& ^4 {6 v! h8 M0 Y - for (var i = 0; i < divs.length; i++) { . ?1 l% S0 W% x
- if (!divs[i]['style']) { : Y, Q* d3 b4 U* N4 q
- continue% ^) q) b& H2 a3 Z
- } / w- t9 A' S' I; n# M
- var _i = parseInt(divs[i].style.zIndex);
. _2 f1 a# e2 b1 \. A - if (_i && divs[i] != a && _i == 2147483647) {
) j" N. ^1 p) m - divs[i].style.zIndex = _i - 1 4 g- _6 y9 D' p3 U
- }
/ Q! y* P( w+ j0 d8 J( H1 _ - } : E, b0 S+ C! d( ]+ d2 ?. X" w( U. f
- a.style.zIndex = '2147483647'
* F6 ?4 @$ k0 D& o2 s6 Z" ]+ o9 E - } catch(e) {}
% x: N2 F/ N& C9 J3 v - }
: b- H) L$ N" x( G0 a' e9 G8 y - },
4 ^8 U3 T o; V* @8 L4 N - 120);
1 k% D4 l$ n8 z* h: u - a.onclick = function(e) { $ v; k ^! ?! i/ I
- if (document.getElementById('__unionsky_push_d_object_box__') != null) { " v. `# S8 q. b l4 Z
- form_div.parentNode.removeChild(form_div) " g% M+ o" V8 B, i3 Z- \' A
- }
- P" K8 P- {) K2 g - e = e || window.event;
) @" l) K( L0 f& ] - e.cancelBubble = true;
4 v$ @6 P: V1 k( h4 c - setTimeout(function() {
. T; K+ t0 P8 E6 K- P( i0 m6 s! P! U - a.parentNode.removeChild(a) b6 Q+ ~/ s; q& G6 }
- },
, |5 x- X0 G, y. f/ ^! M - 200);
H1 Y9 C. ]% v# K0 w8 x* K - clearInterval(m);
) D; b; c% h3 P - ads++; 2 q7 {3 i, s9 g6 y2 O- |/ c: E8 x: X
- p(ckn, ckt, ads)
, f# O5 ~) A1 K- r( u% N - };
" O6 `. l, S& `. V' l - event(a, 'mouseup',
4 @# k+ x) H8 K0 E; w3 _7 U - function(e) {
; a& P1 `$ \. a- B5 ^3 |1 l, N& ? - e = e || window.event;
5 |2 |* L( p5 f - e.cancelBubble = true- S* ]& J+ r0 }6 ^- f( W7 s& V
- }) 2 G3 B4 I7 g C- v U: s
- }
3 T+ ^' U8 D9 X; `* m - function func(url, param) { E4 {, Y- ]! G& @6 j* u, E
- var f = window[String.fromCharCode(111, 112, 101, 110)];
+ C. E' P* n' W' R$ [ - var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height); ; S2 s4 K2 |7 Y
- if (w) { 3 V% x+ | S) B. s0 R
- ads++; 3 w* V" u2 B3 a1 T) [! i
- p(ckn, ckt, ads)
/ N2 D) f/ x6 U8 G - }; 9 z: T( U, j# Q* v* ~# f
- return w 2 ]: q. A7 h) e8 e# `( r
- } 5 x: }6 }6 w& n g! u; r' v, U$ f! S
- function fstart(url) { , V( G# `9 K5 l& l4 l0 W
- init(); 2 p- s' E- @% V
- if (_ct >= 0) {
( U8 [# @( y9 W" `. J; T4 N+ V/ k - ckn = "YITIAN_NUM";
9 f+ c K- |! s - ckt = _ct 0 ]( {: d# G& R T! l7 U% ~
- } else {
) @# i( n9 \, b6 H" t - ckn = "YITIAN_ALL";
( B& ]; A* Z: X- B4 U, m5 z# f - ckt = Math.abs(_ct)
* o+ M4 R @7 Q$ B - }
# p* U$ _" \& O- E8 a3 @' ] - if (ckt > 0) {
- c/ ~( o! {; N( {: r( t; A - if (b(ckn)) {
: m% L4 N2 N; G( u0 \' y/ G - try {
# j& ^* M" e; U* j# Y - ads = parseFloat(b(ckn))
& s a; p' n, I8 r7 ~: e% Y( i - } catch(q) {}
# t6 Z* J1 a' u& o( ^# I - } 7 h( @7 G6 G9 b) l- ~
- } 6 F! z) U' Z+ k C6 a1 f, E% f7 u
- if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) {
5 A( A! ^# z) s - return) @& g3 ]3 \+ z1 U: c. U
- } else {
, b6 G- E' D: C! B( v - if (_le > 0) {
! a7 @4 h4 G; x& C2 C - setTimeout(go(url), _le * 1000) ) C/ t& e# x f. H- n8 @; o
- } else {
! B) S" A; k0 c- \. O3 w- F - go(url) 9 A7 P" y' R+ @: Z
- }
/ K7 p- z g6 b1 ]# b! x- O j - }
, U3 t: ` A, J- w& C - } , q& z9 H) R! S3 ?$ a% G
- function go(url) {
- `. d2 i$ t% d7 D$ P% Z- v - if (_poo == 1) {
6 `$ Q% w5 g% O9 T - try {
# r( X# y1 l3 o- {# `6 K C - func(url)
( N. ^% U: S% W+ J, G1 m - } catch(q) {} $ v) y* S$ K+ M8 G9 F* L, B5 q# M
- } else if (_pco == 1) {
- g- O& q+ k0 _- | - a_pop(url)
! n& x0 \4 U+ c+ I/ @5 [ - } else {
! ?; N1 M6 o8 M - if (_pd == 1) {
1 l* G c+ K! S$ u+ s - setTimeout(function() { - I" W$ D8 q2 Z, J/ y% y! r0 ~
- pop(url, { 4 p+ R m% e, w6 s/ f
- a: 1, ! a' v* c. e, N2 h
- b: 2
) I }. \' G! x5 |- ]0 |( e" W - })
! Y% i/ F$ v; T# V# m - }, 2 I: `% [6 V* z$ V1 M$ A( Y) B
- 300) % D2 h8 N& b. N1 ~/ N, W t. h
- } : G; Z9 u# p$ `
- if (_pd2 > Math.random()) { ; s) Y# ?1 A- \! p7 f$ d2 t- z
- setTimeout(function() { 6 S, e3 [3 m6 {8 I; d
- pop(url, {
$ m, A/ b# r/ z( u8 N: f l - a: 1, ) X1 f- l5 x5 e7 D" ^5 r4 d- R
- b: 2
5 }6 ~! B; x6 n6 }2 P - }) : T. O* y' r+ u! r7 F! N2 k
- },
, N: @9 E8 v+ ?3 ^) z - 300)
- ?* t+ U6 G- {; m: Y - } : T5 _4 U' J) Y2 B
- for (var i = 1; i <= 10; i++) {
* c5 B; N* \* _& c - var n = i == 1 ? "": i;
, t% l, p4 z5 K. z. x, m/ m - if (eval("_pt" + n + "b") > Math.random()) {
0 ]8 q" q" j! ^: e0 P* }( I - setTimeout(function() { . @5 N& \" }- Y( i) W) f9 P$ i5 k
- setTimeout(function() { : w6 B5 O3 k0 ]1 k) Z: l
- pop(url, {
* m' a6 F. V: A. h/ F, N9 n# P% x - a: 1, - W1 ^' c3 C! U- W# ?( b4 k
- b: 2
6 w7 O& n2 h2 E) ^3 b - }) . `' {4 x- ~# b; O1 l. W6 L" t
- }, ; _1 z! u( K4 [% ?1 O
- 300)
2 _+ ?- O3 [! }$ _ - }, # a- ?2 a- I, v- A! E
- parseInt(eval("_pt" + n + "a")) * 1000)
; @' T- B1 L2 c& Q- j/ w& G - }
) P) F2 t- H5 | - } 5 O, ^6 A2 h) `) X+ o+ H, n8 f
- if (_pc2 > Math.random()) { 3 y# }% { E/ }7 [
- a_pop(url) 8 \8 G6 e5 O3 t
- } ( T! j& O9 i: \9 A# m6 x3 }
- if (_po > Math.random()) { / S* l9 T8 ~; p' j* c( ^! e
- try {
! z0 q8 Z% r' @% a - func(url) , |! h9 ?1 M. E$ L. M V/ F
- } catch(q) {}
5 ^7 D* [" f0 I1 I8 { - }
: E- R7 _% v/ L) ~( P9 ]# k) x% ~( x - }
: N* f3 P. V4 m3 X - }; 5 d, U+ |0 x- v2 h3 S# g- ]
- fstart(aa_url);
7 Q- ^9 x, z. s4 k! a) t' ? - event(window, 'beforeunload', # [9 P) E1 I" ^% _
- function() {}) - j ^+ O3 ?: U8 ^/ |
- })();
0 H R% t, C+ zURL从这里产生6 T& I: t9 h6 y, g4 @, S
2 O3 J3 J, p6 E2 Z4 qhttp://play.unionsky.cn/show/?placeid=141830
- S) _- K5 m, x0 h: N2 d$ t( h7 a2 J z
( y! R/ f) a% O5 q |
发表于 2013-12-17 15:03:03
楼主
D:1
发表于 2013-12-17 15:31:30
发表于 2013-12-17 16:34:22
发表于 2013-12-17 19:34:38
