search

arunboy / love

表白网站
https://arunboy.github.io/love/
848 stars 473 forks source link

为什么加密代码里还夹带私活? #10

Open moniang opened 2 years ago

moniang commented 2 years ago

来自love.min.js

    var sharetext = $("#text-75").text() + "love" + $("#text-76").text() + $("#text-77").text();
    with(sharedesc = $("#text-1").text() + $("#text-2").text() + $("#text-3").text() + $("#text-4").text() + $("#text-5").text() + $("#text-6").text() + $("#text-7").text() + $("#text-8").text() + "......", window._bd_share_config = {
        common: {
            bdSnsKey: {},
            bdText: sharetext,
            bdDesc: sharedesc,
            bdUrl: "http://www.qiugouda.com/love/2014/" + $("#text-href").text() + ".html",
            bdMini: "2",
            bdMiniList: ["mshare", "qzone", "tsina", "bdysc", "weixin", "renren", "tqq", "bdxc", "kaixin001", "tqf", "tieba", "douban", "tsohu", "bdhome", "sqq", "thx", "qq", "ibaidu", "taobao", "hi", "baidu", "sohu", "t163", "qy", "meilishuo", "mogujie", "diandian", "huaban", "leho", "share189", "duitang", "hx", "tfh", "fx", "youdao", "sdo", "qingbiji", "ifeng", "people", "xinhua", "ff", "mail", "kanshou", "isohu", "yaolan", "wealink", "xg", "ty", "iguba", "fbook", "twi", "deli", "s139"],
            bdPic: "http://www.qiugouda.com/love/img/319280.jpg",
            bdStyle: "1",
            bdSize: "32"
        },
        share: {}
    },
    document) 0[(getElementsByTagName("head")[0] || body).appendChild(createElement("script")).src = "http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion=" + ~ ( - new Date / 36e5)]
moniang commented 2 years ago 
$.post("love.php?add", {
                textHref: b,
                textMusic: c,
                textArr: a
            }
wupei93 commented 2 years ago

@moniang 我不太懂前端, 不过这看起来像是要遍历手机里qq微信之类的文件夹,然后把隐私上传到成 人网站吧, 这也太恐怖了

andatoshiki commented 2 years ago

@moniang 我不太懂前端, 不过这看起来像是要遍历手机里qq微信之类的文件夹,然后把隐私上传到成 人网站吧, 这也太恐怖了

差不多得了 你但凡能读懂点英文看到上面的share也不至于说出这样的话 这不纯纯一个分享按钮吗 分享内容到各各平台的一个接口 别丢人了

wupei93 commented 2 years ago

@moniang 我不太懂前端, 不过这看起来像是要遍历手机里qq微信之类的文件夹,然后把隐私上传到成 人网站吧, 这也太恐怖了

差不多得了 你但凡能读懂点英文看到上面的share也不至于说出这样的话 这不纯纯一个分享按钮吗 分享内容到各各平台的一个接口 别丢人了

大聪明, 你可以试试bdUrl那个网站进去是啥

stultelife commented 2 years ago

@moniang 呃,如果你是说那个域名跳转的问题的话,应该是DNS劫持的问题(代码本身不是恶意代码),你可以换几个国外节点试试。

具体功能应该是实现分享,而且这个网页应该是从一个其他项目扒下来的,所以这里没有处理干净,实际上这个功能在这个page好像没有用到。

结论:域名问题、代码行为没问题,但是代码确实没用

stultelife commented 2 years ago

@wupei93 你可以看看我对上面那个兄弟的回复

ufiredong commented 2 years ago

那个网站 好像是抖yin网站###

JackSparrowT commented 1 year ago

的确是成人网站的转发 搞不懂想干嘛

2066318464 commented 11 months ago

来自love.min.js

  var sharetext = $("#text-75").text() + "love" + $("#text-76").text() + $("#text-77").text();
  with(sharedesc = $("#text-1").text() + $("#text-2").text() + $("#text-3").text() + $("#text-4").text() + $("#text-5").text() + $("#text-6").text() + $("#text-7").text() + $("#text-8").text() + "......", window._bd_share_config = {
      common: {
          bdSnsKey: {},
          bdText: sharetext,
          bdDesc: sharedesc,
          bdUrl: "http://www.qiugouda.com/love/2014/" + $("#text-href").text() + ".html",
          bdMini: "2",
          bdMiniList: ["mshare", "qzone", "tsina", "bdysc", "weixin", "renren", "tqq", "bdxc", "kaixin001", "tqf", "tieba", "douban", "tsohu", "bdhome", "sqq", "thx", "qq", "ibaidu", "taobao", "hi", "baidu", "sohu", "t163", "qy", "meilishuo", "mogujie", "diandian", "huaban", "leho", "share189", "duitang", "hx", "tfh", "fx", "youdao", "sdo", "qingbiji", "ifeng", "people", "xinhua", "ff", "mail", "kanshou", "isohu", "yaolan", "wealink", "xg", "ty", "iguba", "fbook", "twi", "deli", "s139"],
          bdPic: "http://www.qiugouda.com/love/img/319280.jpg",
          bdStyle: "1",
          bdSize: "32"
      },
      share: {}
  },
  document) 0[(getElementsByTagName("head")[0] || body).appendChild(createElement("script")).src = "http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion=" + ~ ( - new Date / 36e5)]

image image 这个是加密了吗?我找不到🤣