社工 | 🌇 Endless Soar.

0x01 访问靶场 0x02信息收集 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <HTML> <HEAD> <title>欢迎使用正方教务管理系统！请登录</title> <meta content="IE=7" http-equiv="X-UA-Compatible"> <meta content="text/html; charset=gb2312" http-equiv="Content-Type"> <meta content="gb2312" http-equiv="Content-Language"> <meta name="robots" content="all"> <meta name="author" content="作者信息"> <meta name="Copyright" content="版权信息"> <meta name="description" content="站点介绍"> <meta name="keywords" content="站点关键词"> <LINK rel="icon" type="image/x-icon" href="style/base/favicon.ico"> <LINK rel="shortcut icon" type="image/x-icon" href="style/base/favicon.ico"> <LINK rel="stylesheet" type="text/css" href="style/base/jw.css" media="all"> <LINK rel="stylesheet" type="text/css" href="style/standard/jw.css" media="all">  <style>.fangshua { COLOR: red; FONT-SIZE: 14px; FONT-WEIGHT: bold } .login_right DL { MARGIN: 0px 0px 0px 105px; MIN-HEIGHT: 20px; WIDTH: 285px; _height: 20px } </style> </HEAD> <body class="login_bg"> <form name="form1" onsubmit="return false;" id="form1"> <div class="login_main"> <div class="login_logo"> <h2><IMG src="logo/logo_school.png"></h2> <h3><IMG src="logo/logo_jw.png"></h3> </div> <div class="login_left"><IMG class="login_pic" src="logo/login_pic.png"></div> <div class="login_right"> <dl style="MARGIN-TOP: 92px"> <dt class="uesr"> <label id="lbYhm">学号：</label> </dt> <dd> <input id="a" name="username" type="text" id="txtUserName" tabindex="1" class="text_nor" autocomplete="off" /></dd></dl> <div style="CLEAR: both"></div> <dl> <dt class="passw"> <label id="lbMm">密码：</label> </dt> <dd> <input id="p" name="password" type="password" id="Textbox1" tabindex="2" class="text_nor" autocomplete="off" /><input name="TextBox2" type="password" id="TextBox2" tabindex="2" class="text_nor" onblur="update(this);" autocomplete="off" style="DISPLAY: none" /></dd></dl> <div style="CLEAR: both"></div> <div style="CLEAR: both"></div> <dl> <dd> <table id="RadioButtonList1" border="0"> <tr> <td><input id="RadioButtonList1_0" type="radio" name="RadioButtonList1" value="部门" tabindex="4" /><label for="RadioButtonList1_0">部门</label></td><td><input id="RadioButtonList1_1" type="radio" name="RadioButtonList1" value="教师" tabindex="4" /><label for="RadioButtonList1_1">教师</label></td><td><input id="RadioButtonList1_2" type="radio" name="RadioButtonList1" value="学生" checked="checked" tabindex="4" /><label for="RadioButtonList1_2">学生</label></td><td><input id="RadioButtonList1_3" type="radio" name="RadioButtonList1" value="访客" tabindex="4" /><label for="RadioButtonList1_3">访客</label></td> </tr> </table></dd> <dt></dt> </dl> <div style="CLEAR: both"></div> <dl> <dd> <input type="button" onclick="check();" name="Button1" value="" id="Button1" class="btn_dl" /><input type="submit" name="Button2" value="" id="Button2" class="btn_cz" /><input name="lbLanguage" type="text" id="lbLanguage" style="DISPLAY: none" /> <p><a href="list.xlsx" id="linkForget" target="_blank">录取名单</a><br> <A href="info/query.php" target="_blank"> <span id="lbSelect">学生学籍信息查询系统</span></A></p> </dd> </dl> </div> <div class="login_copyright"><IMG src="logo/二维码.png"><span>©1999-2017 <a href="http://www.zfsoft.com" target="_blank">正方软件股份有限公司</a> <span>版权所有</span></span> <input name="hidPdrs" id="hidPdrs" type="hidden" size="5" /><input name="hidsc" id="hidsc" type="hidden" size="5" /> </div> </div> </form> </body> <script type="text/javascript" src="js/jquery.min.js"></script> <script> function check(){ $.ajax({ url:'checklogin.php', type: 'POST', dataType:'json', data:{ 'a':$('#a').val(), 'p':$('#p').val() }, success:function(data){ alert(data['msg']); }, error:function(data){ alert(data['msg']); } }); } </script> </HTML> 审查源码可获得一份list.xlsx文件，内容为 ...