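*Tips for asking for help: when asking for help with a rule, please provide "规则报告.txt" (the rule report), the account and password, the .hwl data package, the .wzdr rule and so on; otherwise we may not be able to give you a satisfactory answer!
*Everyone has their own things to do, so be as detailed as possible; this helps you get replies faster. No freeloaders!
*If this help request is not detailed, or an answer is given but not accepted, the thread will be moved to the off-topic board.
*The rule report is long, so please save it as a .txt file and upload it; otherwise the text will be flagged as a violation and blocked by the system, and the post will fail.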
[登录提交网址1]http://bbs.xixihere.com/member.php?mod=logging&action=login&infloat=yes&handlekey=login&referer=http%3A%2F%2Fbbs.xixihere.com%2F&inajax=1&ajaxtarget=fwin_content_login[/登录提交网址1]
[登录前提交1参数1]<input type="hidden" name="formhash" value="(.*?)" />[登录前提交1参数1]
[登录前提交网址1]http://bbs.xixihere.com/member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&loginhash=Li6Vd&inajax=1[/登录前提交网址1]
[登录前提交数据1]formhash={登录前提交1参数1}&referer=http%3A%2F%2Fbbs.xixihere.com%2F&loginfield=username&username=monic422&password=1984422&questionid=0&answer=[/登录前提交数据1]
[登录成功特征1]"text/javascript" reload===登陆成功。。。[/登录成功特征1]
[登录失败特征1][/登录失败特征1]
Rule report
■■■■■■■■[15:48:48] 编码 【全局】: gbk
■■■■■■■■[15:48:48]
■■■■■■■■■■■■■■■■↓登录规则↓■■■■■■■■■■■■■■■■
■■■■■■■■[15:48:48] 登录前提交网址1 【处理前】: http://bbs.xixihere.com/member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&loginhash=Li6Vd&inajax=1
■■■■■■■■[15:48:48] 登录前提交网址1 【处理后】: http://bbs.xixihere.com/member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&loginhash=Li6Vd&inajax=1
■■■■■■■■[15:48:48] 登录前提交数据1 【处理前】: formhash={登录前提交1参数1}&referer=http%3A%2F%2Fbbs.xixihere.com%2F&loginfield=username&username=monic422&password=1984422&questionid=0&answer=
■■■■■■■■[15:48:48] 登录前提交数据1 【处理后】: formhash=&referer=http%3A%2F%2Fbbs.xixihere.com%2F&loginfield=username&username=monic422&password=1984422&questionid=0&answer=
■■■■■■■■[15:48:48] 登录前提交网址1 【返回】: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>bbs.xixihere.com - System Error</title>
<meta http-equiv="Content-Type" content="text/html; charset=gbk" />
<meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" />
</head>
<body>
<div id="container">
<h1>Discuz! System Error</h1>
<div class='info'><li>您当前的访问请求当中含有非法字符,已经被系统拒绝</li></div>
<div class="info"><p><strong>PHP Debug</strong></p><table cellpadding="5" cellspacing="1" width="100%" class="table"><tr><td><ul><li>[Line: 0026]member.php(discuz_application->init)</li><li>[Line: 0071]source/class/discuz/discuz_application.php(discuz_application->_init_misc)</li><li>[Line: 0552]source/class/discuz/discuz_application.php(discuz_application->_xss_check)</li><li>[Line: 0355]source/class/discuz/discuz_application.php(system_error)</li><li>[Line: 0023]source/function/function_core.php(discuz_error::system_error)</li><li>[Line: 0024]source/class/discuz/discuz_error.php(discuz_error::debug_backtrace)</li></ul></td></tr></table></div><div class="help"><a >bbs.xixihere.com</a> 已经将此出错信息详细记录, 由此给您带来的访问不便我们深感歉意. </div>
</div>
</body>
</html>
■■■■■■■■[15:48:48] 登录提交网址1 【处理前】: http://bbs.xixihere.com/member.php?mod=logging&action=login&infloat=yes&handlekey=login&referer=http%3A%2F%2Fbbs.xixihere.com%2F&inajax=1&ajaxtarget=fwin_content_login
■■■■■■■■[15:48:48] 登录提交网址1 【处理后】: http://bbs.xixihere.com/member.php?mod=logging&action=login&infloat=yes&handlekey=login&referer=http%3A%2F%2Fbbs.xixihere.com%2F&inajax=1&ajaxtarget=fwin_content_login
■■■■■■■■[15:48:48] 登录提交网址1 【返回】: <?xml version="1.0" encoding="gbk"?>
<root><![CDATA[
<div id="main_messaqge_LNKid">
<div id="layer_login_LNKid">
<h3 class="flb">
<em id="returnmessage_LNKid">
用户登录</em>
<span><a href="javascript:;" class="flbc" onclick="hideWindow('login', 0, 1);" title="关闭">关闭</a></span>
</h3>
<form method="post" autocomplete="off" name="login" id="loginform_LNKid" class="cl" onsubmit="pwdclear = 1;ajaxpost('loginform_LNKid', 'returnmessage_LNKid', 'returnmessage_LNKid', 'onerror');return false;" action="member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&loginhash=LNKid">
<div class="c cl">
<input type="hidden" name="formhash" value="142e92c1" />
<input type="hidden" name="referer" value="http://bbs.xixihere.com/" />
<div class="rfm">
<table>
<tr>
<th>
<span class="login_slct">
<select name="loginfield" style="float: left;" width="45" id="loginfield_LNKid">
<option value="username">用户名</option>
<option value="uid">UID</option>
<option value="email">Email</option>
</select>
</span>
</th>
<td><input type="text" name="username" id="username_LNKid" autocomplete="off" size="30" class="px p_fre" tabindex="1" value="" /></td>
<td class="tipcol"><a href="member.php?mod=register">注册</a></td>
</tr>
</table>
</div>
<div class="rfm">
<table>
<tr>
<th><label for="password3_LNKid">密码:</label></th>
<td><input type="password" id="password3_LNKid" name="password" onfocus="clearpwd()" size="30" class="px p_fre" tabindex="1" /></td>
<td class="tipcol"><a href="javascript:;" onclick="display('layer_login_LNKid');display('layer_lostpw_LNKid');" title="找回密码">找回密码</a></td>
</tr>
</table>
</div>
<div class="rfm">
<table>
<tr>
<th>安全提问:</th>
<td><select id="loginquestionid_LNKid" width="213" name="questionid" onchange="if($('loginquestionid_LNKid').value > 0) {$('loginanswer_row_LNKid').style.display='';} else {$('loginanswer_row_LNKid').style.display='none';}">
<option value="0">安全提问(未设置请忽略)</option>
<option value="1">母亲的名字</option>
<option value="2">爷爷的名字</option>
<option value="3">父亲出生的城市</option>
<option value="4">您其中一位老师的名字</option>
<option value="5">您个人计算机的型号</option>
<option value="6">您最喜欢的餐馆名称</option>
<option value="7">驾驶执照最后四位数字</option>
</select></td>
</tr>
</table>
</div>
<div class="rfm" id="loginanswer_row_LNKid" style="display:none">
<table>
<tr>
<th>答案:</th>
<td><input type="text" name="answer" id="loginanswer_LNKid" autocomplete="off" size="30" class="px p_fre" tabindex="1" /></td>
</tr>
</table>
</div>
<div class="rfm bw0">
<table>
<tr>
<th></th>
<td><label for="cookietime_LNKid"><input type="checkbox" class="pc" name="cookietime" id="cookietime_LNKid" tabindex="1" value="2592000" />自动登录</label></td>
</tr>
</table>
</div>
<div class="rfm mbw bw0">
<table width="100%">
<tr>
<th> </th>
<td>
<button class="pn pnc" type="submit" name="loginsubmit" value="true" tabindex="1"><strong>登录</strong></button>
</td>
<td>
</td>
</tr>
</table>
</div>
</div>
</form>
</div>
<div id="layer_lostpw_LNKid" style="display: none;">
<h3 class="flb">
<em id="returnmessage3_LNKid">找回密码</em>
<span><a href="javascript:;" class="flbc" onclick="hideWindow('login')" title="关闭">关闭</a></span>
</h3>
<form method="post" autocomplete="off" id="lostpwform_LNKid" class="cl" onsubmit="ajaxpost('lostpwform_LNKid', 'returnmessage3_LNKid', 'returnmessage3_LNKid', 'onerror');return false;" action="member.php?mod=lostpasswd&lostpwsubmit=yes&infloat=yes">
<div class="c cl">
<input type="hidden" name="formhash" value="142e92c1" />
<input type="hidden" name="handlekey" value="lostpwform" />
<div class="rfm">
<table>
<tr>
<th><span class="rq">*</span><label for="lostpw_email">Email:</label></th>
<td><input type="text" name="email" id="lostpw_email" size="30" value="" tabindex="1" class="px p_fre" /></td>
</tr>
</table>
</div>
<div class="rfm">
<table>
<tr>
<th><label for="lostpw_username">用户名:</label></th>
<td><input type="text" name="username" id="lostpw_username" size="30" value="" tabindex="1" class="px p_fre" /></td>
</tr>
</table>
</div>
<div class="rfm mbw bw0">
<table>
<tr>
<th></th>
<td><button class="pn pnc" type="submit" name="lostpwsubmit" value="true" tabindex="100"><span>提交</span></button></td>
</tr>
</table>
</div>
</div>
</form>
</div>
</div>
<div id="layer_message_LNKid" style="display: none;">
<h3 class="flb" id="layer_header_LNKid">
<em>用户登录</em>
<span><a href="javascript:;" class="flbc" onclick="hideWindow('login')" title="关闭">关闭</a></span>
</h3>
<div class="c"><div class="alert_right">
<div id="messageleft_LNKid"></div>
<p class="alert_btnleft" id="messageright_LNKid"></p>
</div>
</div>
<script type="text/javascript" reload="1">
var pwdclear = 0;
function initinput_login() {
document.body.focus();
if($('loginform_LNKid')) {
$('loginform_LNKid').username.focus();
}
simulateSelect('loginfield_LNKid');
}
initinput_login();
function clearpwd() {
if(pwdclear) {
$('password3_LNKid').value = '';
}
pwdclear = 0;
}
</script>]]></root>
"formhash" 没取
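Don't log in from the home page; a packet capture of the home-page login does not contain this value.
Click Register first, then click Login, and then capture the packets.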