对未标记为可安全执行脚本的ActiveX控件初始化并执行脚为禁用

A- A+
流沙团 运维 8261View 0

【看到好多人 遇到这个问题,如果看完文章没有解决]

加我的QQ:541750337 ,本人有偿帮忙解决(30元一次)

域名为etax.shandong.chinatax.gov.cn的可信任站点不存在

有问题 加我 QQ: 541750337 , 30元一次, 负责搞定

0x01 问题展示

山东税务局的网站的bug图片展示

q3.png

0x02 问题解决

q2.png

0x03 问题 分析

主要原因是程序员脚本的问题

网页中 这段验证代码, 逻辑有问题

view source
print?
01function checkDomainName(hostname, indexOfFlag, WshShellObj) {
02                var domainSFlag = false,
03                    domainEFlag = false,
04                    domainSEFlag = false,
05                    domainSSEFlag = true;
06                var hostnamePrefix, hostnameSuffix = "";
07                var indexOf = hostname.indexOf(indexOfFlag);
08                if (indexOf != -1) {
09                    hostnamePrefix = hostname.substring(0, indexOf);
10                    hostnameSuffix = hostname.substring(indexOf + 1, hostname.length);
11                    try {
12                        WshShellObj.RegRead(
13                            "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\" +
14                            hostname + "\\http");
15                    } catch (e) {
16                        domainEFlag = true;
17                    }
18                    if (domainEFlag) {
19                        try {
20                            WshShellObj.RegRead(
21                                "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\" +
22                                hostnameSuffix + "\\" + hostnamePrefix + "\\http");
23                        } catch (e) {
24                            domainSFlag = true;
25                        }
26                    }
27                    //判断其合法性
28                    if (domainEFlag && domainSFlag) {
29                        try {
30                            WshShellObj.RegRead(
31                                "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\" +
32                                hostnameSuffix + "\\" + hostnamePrefix + "\\*");
33                        } catch (e) {}
34                    }
35                } else {
36                    try {
37                        WshShellObj.RegRead(
38                            "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\" +
39                            hostname + "\\http");
40                    } catch (e) {
41                        domainSEFlag = true;
42                    }
43                    //判断其合法性
44                    if (domainSEFlag) {
45                        try {
46                            WshShellObj.RegRead(
47                                "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\" +
48                                hostname + "\\*");
49                        } catch (e) {}
50                    }
51                }
52                return (domainSFlag && domainEFlag) || domainSEFlag;
53            }

原文链接: 对未标记为可安全执行脚本的ActiveX控件初始化并执行脚为禁用 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( https://www.gyarmy.com/?post=544 )

发表评论

0则评论给“对未标记为可安全执行脚本的ActiveX控件初始化并执行脚为禁用”