网友“小好”给我了一个聊天室ip,让我去看看。原本想入侵它的服务器,大概技术没到家,搞了十几分钟,也没有进去。于是,我就想找找这个聊天室有什么BUG。聊天室看得出是用PHP+MySQL组建的。栏目有:用户注册、 忘记密码、 修改资料、 用户自杀、 聊 神 榜、 聊天说明、 刷新列表 。接着就是聊天了。
我随便注册了一个用户名,按照我的喜好,喜欢开xxxxxx用户,这样,我就用xxxxxx注册了一个用户。登陆进去。
从哪儿下手呢?我想还是先看看修改资料,一般聊天室这里总有这样那样的漏洞。点了一下修改资料,于是就进入下一画面,需要输入用户名和秘密。输好了后,下一步,进入资料修改。YES!资料修改中有用户昵称,其实就是用户名,马上查看源文件,看到如下的HMTL语句:
=================================================cut===========
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
WebStorm Mac version
Useful JavaScript development tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
