FCQ网课通助手[全网题库][通用智能适配答题][刷课] was reported 28-07-2024 for Disallowed external code
At line 911:

    function opeationUi(menu) {
        this.fcq_xm_answer = null;
        this.$ = $;
        this.menu = menu;
        this.xm_window = window;
        this.initMenu();
        this.config = {};
        unsafeWindow.mainProcedure = this;
        window.mainProcedure = this;
        return this;
    }

This function assigns window to xm_window and then assigns this to unsafeWindow, covertly setting this as the original webpage's mainProcedure. Then, through window.mainProcedure.xm_window.GM_setValue, the function allows dynamic code to be supplied from the front end.
The specific execution location is at line 1531:

    var initSet = `var VideoSpeed=1`;
    if (!GM_getValue('initSet')) {
        GM_setValue('initSet', initSet);
    }
    eval(GM_getValue('initSet'));

This code is supposed to execute `var initSet = "var VideoSpeed=1"`, but after the front-end call to GM_setValue modifies it, this value has become malicious code. The actual code reference URL is: https://tcb-w644nfbyxrttaih-2cpr71dbf4b7-1304481250.tcloudbaseapp.com/static/js/pages-index-list.b35c5d5a.js. This behavior in fact violates the rules.
After analyzing this code, it is found that it obtains the user's name, user ID and other information and uploads it to a third-party server. Additionally, it silently collects all course information in the background and uploads it without the user's consent.
Please explain the reason.
Test website: https://i.mooc.chaoxing.com/
Test username and password: 15637670952 wdm20020810
The evidence provided is that additional functionality has been added, which the script does not have
This script has been updated since the report was filed.
This script has had 3 previous upheld or fixed reports.
webstudy (the reported user) has made:
This report has been upheld by a moderator.
The script has functionality to run eval() on unknown external code.
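As an added illustration of the pattern the report describes (not code from the report or from the reported script), the following JavaScript scans a constructed userscript fragment for the two things called out above, the script object with its window/GM_* handles being exposed through unsafeWindow and an eval() over a GM_getValue result, and shows a settings loader that parses validated JSON instead of executing the stored string. The function names, rule ids and the sample source are assumptions.

```javascript
// Constructed sample source mirroring the two snippets quoted in the report.
const SAMPLE_SOURCE = `
function opeationUi(menu) {
  this.xm_window = window;
  unsafeWindow.mainProcedure = this;
  window.mainProcedure = this;
}
var initSet = \`var VideoSpeed=1\`;
if (!GM_getValue('initSet')) { GM_setValue('initSet', initSet) };
eval(GM_getValue('initSet'));
`;

// Each rule: a pattern and why it matters for a userscript review (hypothetical ids).
const RULES = [
  { id: 'window-alias', re: /\bthis\s*\.\s*\w+\s*=\s*window\b/,
    why: 'sandbox window (which carries GM_* functions) is stored on a script object' },
  { id: 'unsafeWindow-exposure', re: /\bunsafeWindow\s*\.\s*\w+\s*=\s*this\b/,
    why: 'script object becomes reachable from page JavaScript' },
  { id: 'eval-of-stored-value', re: /\beval\s*\(\s*GM_getValue\s*\(/,
    why: 'a stored value is executed as code; whoever can write it runs code' },
];

// Line-by-line static scan; returns one finding per (rule, line) match.
function scanUserscript(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    for (const rule of RULES) {
      if (rule.re.test(line)) findings.push({ rule: rule.id, line: idx + 1, why: rule.why });
    }
  });
  return findings;
}

// Hardened settings loader: treat the stored value as data, never as code.
// Falls back to the default when the value is not JSON or out of range.
function loadVideoSpeed(stored, fallback = 1) {
  try {
    const cfg = JSON.parse(stored);
    const v = Number(cfg && cfg.VideoSpeed);
    return Number.isFinite(v) && v >= 0.5 && v <= 16 ? v : fallback;
  } catch (e) {
    return fallback;
  }
}
```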