xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse xiuse

2核1G3M服务器88一季度

腾讯云,阿里云百度云等 折扣价→点我←

苹果CMS播放页被劫持跳转至qp网站的解决方案(苹果CMS主页被劫持) 综合

匿名用户 超级版主组 2022/03/09 15:45:48

本文将从笔者自身的分析方式出发,剖析CMS作者有意留下的JS漏洞位置和活加载外部JS的全部过程。多事之秋,以华为为代表的一批我国创新型企业不惧外部施压,用铁打的技术和超脱常人的眼界证明了中华儿女的不屈于人,从保险柜里拿出的自主研发备份芯片与操作系统展现了中华民族的铮铮铁骨。我作为一名流淌着中华血液的开发者为此感到深深的自豪,反观苹果CMS开发者,明知自己CMS的用户基础水平不足,却有意在源码中留下漏洞,不顾源码口碑和未来发展,强制劫持用户的访问,将罪恶之手伸向本国同胞。其心态之扭曲,实为汉语言文化圈开发者的最大耻辱。Shame On You!疑似苹果CMS作者老王前日在笔者blog留言称是苹果CMS网站域名17号晚遭到劫持所致。但正是因为苹果CMS在使用者不知情的情况下使用加密的js文件调用了外部地址才为这次影响广

## 解决方案

22日再次更新:预加载页面也被劫持,须在后台--系统设置--播放器参数设置下将 预加载广告:缓冲广告:两项的内容全部删除,版本不同也相应寻找预加载和缓冲地址类似的选项删除即可

为了方便大家对两个页面的调用,同时也将无广告版本的干净页面上传到了GitHub上,大家本地化这两个文件即可~

为节省大家的时间笔者先贴出解决方案如下:

为节省大家时间,两个文件均已上传GitHub,大家直接下载即可!

Github地址:

点击此处

1.更改网站根目录/static/js/player.js下的文件,为如下内容

对于v10版本用户

```html

var MacPlayer = {

'GetUrl': function(s, n) {

return this.Link.replace('{sid}', s).replace('{sid}', s).replace('{nid}', n).replace('{nid}', n)

},

'Go': function(s, n) {

location.href = this.GetUrl(s, n)

},

'Show': function() {

$('#buffer').attr('src', this.Prestrain);

setTimeout(function() {

MacPlayer.AdsEnd()

}, this.Second * 1000);

$("#playleft").get(0).innerHTML = this.Html + '';

var a = document.createElement('script');

a.type = 'text/javascript';

a.async = true;

a.charset = 'utf-8';

a.src = '';

var b = document.getElementsByTagName('script')[0];

b.parentNode.insertBefore(a, b)

},

'AdsStart': function() {

if ($("#buffer").attr('src') != this.Buffer) {

$("#buffer").attr('src', this.Buffer)

}

$("#buffer").show()

},

'AdsEnd': function() {

$('#buffer').hide()

},

'Install': function() {

this.Status = false;

$('#install').show()

},

'Play': function() {

document.write('

' + '' + '');

this.Height = $('.MacPlayer').get(0).offsetHeight;

this.Width = $('.MacPlayer').get(0).offsetWidth;

document.write('')

},

'Down': function() {},

'Init': function() {

this.Status = true;

this.Parse = '';

if (player_data.encrypt == '1') {

player_data.url = unescape(player_data.url);

player_data.url_next = unescape(player_data.url_next)

} else if (player_data.encrypt == '2') {

player_data.url = unescape(base64decode(player_data.url));

player_data.url_next = unescape(base64decode(player_data.url_next))

}

this.Prestrain = MacPlayerConfig.prestrain;

this.Buffer = MacPlayerConfig.buffer;

this.Second = MacPlayerConfig.second;

this.Flag = player_data.flag;

this.Trysee = player_data.trysee;

this.Points = player_data.points;

this.Link = decodeURIComponent(player_data.link);

this.PlayFrom = player_data.from;

this.PlayNote = player_data.note;

this.PlayServer = player_data.server == 'no' ? '' : player_data.server;

this.PlayUrl = player_data.url;

this.PlayUrlNext = player_data.url_next;

this.PlayLinkNext = player_data.link_next;

this.PlayLinkPre = player_data.link_pre;

if (MacPlayerConfig.server_list[this.PlayServer] != undefined) {

this.PlayServer = MacPlayerConfig.server_list[this.PlayServer].des

}

if (MacPlayerConfig.player_list[this.PlayFrom] != undefined) {

if (MacPlayerConfig.player_list[this.PlayFrom].ps == "1") {

this.Parse = MacPlayerConfig.player_list[this.PlayFrom].parse == '' ? MacPlayerConfig.parse : MacPlayerConfig.player_list[this.PlayFrom].parse;

this.PlayFrom = 'parse'

}

}

this.Path = maccms.path + '/static/player/';

if (this.Flag == "down") {

MacPlayer.Down()

} else {

MacPlayer.Play()

}

}

};

MacPlayer.Init();

```

对于v8版本用户:

```html

window.onresize = function() {

if (window.name == "macopen1") {

MacPlayer.Width = $(window).width() - $(".MacPlayer").offset().left - 15;

MacPlayer.HeightAll = $(window).height() - $(".MacPlayer").offset().top - 15;

MacPlayer.Height = MacPlayer.HeightAll;

if (mac_showtop == 1) {

MacPlayer.Height -= 20

}

$(".MacPlayer").width(MacPlayer.Width);

$(".MacPlayer").height(MacPlayer.HeightAll);

$("#buffer").width(MacPlayer.Width);

$("#buffer").height(MacPlayer.HeightAll);

$("#Player").width(MacPlayer.Width);

$("#Player").height(MacPlayer.Height)

}

}

;

var MacPlayer = {

'GoPreUrl': function() {

if (this.Num > 0) {

this.Go(this.Src + 1, this.Num)

}

},

'GetPreUrl': function() {

return this.Num > 0 ? this.GetUrl(this.Src + 1, this.Num) : ''

},

'GoNextUrl': function() {

if (this.Num + 1 != this.PlayUrlLen) {

this.Go(this.Src + 1, this.Num + 2)

}

},

'GetNextUrl': function() {

return this.Num + 1 <= this.PlayUrlLen ? this.GetUrl(this.Src + 1, this.Num + 2) : ''

},

'GetUrl': function(s, n) {

return mac_link.replace('{src}', s).replace('{src}', s).replace('{num}', n).replace('{num}', n)

},

'Go': function(s, n) {

location.href = this.GetUrl(s, n)

},

'GetList': function() {

this.RightList = '';

for (i = 0; i < this.Data.from.length; i++) {

from = this.Data.from[i];

url = this.Data.url[i];

listr = "";

sid_on = 'h2';

sub_on = 'none';

urlarr = url.split('#');

for (j = 0; j < urlarr.length; j++) {

urlinfo = urlarr[j].split('$');

name = '';

url = '';

list_on = '';

from1 = '';

if (urlinfo.length > 1) {

name = urlinfo[0];

url = urlinfo[1];

if (urlinfo.length > 2) {

from1 = urlinfo[2]

}

} else {

name = "第" + (j + 1) + "集";

url = urlinfo[0]

}

if (this.Src == i && this.Num == j) {

sid_on = 'h2_on';

sub_on = 'block';

list_on = "list_on";

this.PlayUrlLen = urlarr.length;

this.PlayUrl = url;

this.PlayName = name;

if (from1 != '') {

this.PlayFrom = from1

}

if (j < urlarr.length - 1) {

urlinfo = urlarr[j + 1].split('$');

if (urlinfo.length > 1) {

name1 = urlinfo[0];

url1 = urlinfo[1]

} else {

name1 = "第" + (j + 1) + "集";

url1 = urlinfo[0]

}

this.PlayUrl1 = url1;

this.PalyName1 = name1

}

}

listr += '

' + mac_show[from] + '' + '' + listr + ''

}

},

'ShowList': function() {

$('#playright').toggle()

},

'Tabs': function(a, n) {

var b = $('#sub' + a).css('display');

for (var i = 0; i <= n; i++) {

$('#main' + i).attr('className', 'h2');

$('#sub' + i).hide()

}

if (b == 'none') {

$('#sub' + a).show();

$('#main' + a).attr('className', 'h2_on')

} else {

$('#sub' + a).hide()

}

},

'Show': function() {

if (mac_showtop == 0) {

$("#playtop").hide()

}

if (mac_showlist == 0) {

$("#playright").hide()

}

setTimeout(function() {

MacPlayer.AdsEnd()

}, this.Second * 1000);

$("#topdes").get(0).innerHTML = '' + '正在播放:' + this.PlayName + '';

$("#playright").get(0).innerHTML = '

' + this.RightList + '';

$("#playleft").get(0).innerHTML = '' + this.Html + '';

document.write('')

},

'ShowBuffer': function() {

var w = this.Width - 100;

var h = this.Height - 100;

var l = (this.Width - w) / 2;

var t = (this.Height - h) / 2 + 20;

$(".MacBuffer").css({

'width': w,

'height': h,

'left': l,

'top': t

});

$(".MacBuffer").toggle()

},

'AdsEnd': function() {

$('#buffer').hide()

},

'Install': function() {

this.Status = false;

$('#install').parent().show();

$('#install').show()

},

'Play': function() {

var a = mac_colors.split(',');

document.write('')

},

'Down': function() {},

'Init': function() {

this.Status = true;

this.Url = location.href;

this.Par = location.search;

this.Data = {

'from': mac_from.split('$$$'),

'server': mac_server.split('$$$'),

'note': mac_note.split('$$$'),

'url': mac_url.split('$$$')

};

var c = navigator.userAgent.toLowerCase();

this.Width = window.name == 'macopen1' ? mac_widthpop : (mac_width == 0 ? '100%' : mac_width);

this.HeightAll = window.name == 'macopen1' ? mac_heightpop : mac_height;

if (c.indexOf("android") > 0 || c.indexOf("mobile") > 0 || c.indexOf("ipod") > 0 || c.indexOf("ios") > 0 || c.indexOf("iphone") > 0 || c.indexOf("ipad") > 0) {

this.Width = window.name == 'macopen1' ? mac_widthpop : (mac_widthmob == 0 ? '100%' : mac_widthmob);

this.HeightAll = window.name == 'macopen1' ? mac_heightpop : mac_heightmob

}

this.Height = this.HeightAll;

if (mac_showtop == 1) {

this.Height -= 20

}

if (this.Url.indexOf('#') > -1) {

this.Url = this.Url.substr(0, this.Url.indexOf('#'))

}

this.Prestrain = mac_prestrain;

this.Buffer = mac_buffer;

this.Second = mac_second;

this.Flag = mac_flag;

var a = this.Url.match(/\d+.*(htm)/g)[0].match(/\d+/g);

if (a.length < 3) {

a = this.Url.match(/\d+.*/g)[0].match(/\d+/g)

}

var b = a.length;

this.Id = a[(b - 3)] * 1;

this.Src = a[(b - 2)] * 1 - 1;

this.Num = a[(b - 1)] * 1 - 1;

this.PlayFrom = this.Data.from[this.Src];

this.PlayServer = this.Data.server[this.Src] == 'no' ? '' : mac_show_server[this.Data.server[this.Src]];

this.PlayNote = this.Data.note[this.Src];

this.GetList();

this.NextUrl = this.GetNextUrl();

this.PreUrl = this.GetPreUrl();

this.Path = SitePath + 'player/';

if (this.Flag == "down") {

MacPlayer.Down()

} else {

MacPlayer.Play()

}

}

};

```

2.(非必须项,此项的目的是让js的更改忽略部分CDN和浏览器缓存,此处以v10为例)更改/application/common/controller/all.php中的第429行以使得JS更改即时对所有用户生效

原429行为:

```javascript

$this->assign('player_js', '');

```

更改为:

```javascript

$this->assign('player_js', '');

```

[樱花动漫](http://www.yinghuadm.cc)

曲折的劫持位置分析和修复过程

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/69995206/viewspace-2758962/,如需转载,请注明出处,否则将追究法律责任。

最后于 2022/03/10 18:46:49 被公共账号编辑 ,原因:

TAGS 苹果cms播放页html

站长窝论坛版权声明 1、本帖标题:苹果CMS播放页被劫持跳转至qp网站的解决方案(苹果CMS主页被劫持)
2、论坛网址:站长窝论坛
3、站长窝论坛的资源部分来源于网络,如有侵权,请联系站长进行删除处理。
4、会员发帖仅代表会员个人观点,并不代表本站赞同其观点和对其真实性负责。
5、站长窝论坛一律禁止以任何方式发布或转载任何违法的相关信息,访客发现请向站长举报
6、本帖由匿名用户在站长窝论坛《苹果cms_苹果cms模板_教程》版块原创发布, 转载请注明出处!
评论
最新回复 (0)
返回