提交form表单时抓包发现出现表单中没有的元素
网址:
http://jwxt.hubu.edu.cn/
查看源码:
<html xmlns="http://www.w3.org/1999/xhtml">
<script type="text/javascript" src="http://jwxt.hubu.edu.cn/js/jspublic.js"></script>
<script>
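/**
 * Blank the captcha container and request a new captcha image 500 ms later.
 * Used as the click handler of the captcha <img>.
 */
function ReShowCode(){
    var SafeCodeImg = document.getElementById('SafeCodeImg');
    SafeCodeImg.innerHTML = '';
    // Pass a function rather than the string 'ShowCode()': a string argument is
    // compiled like eval() and is refused by a Content-Security-Policy that does
    // not allow 'unsafe-eval'. ShowCode is still resolved when the timer fires.
    setTimeout(function(){ ShowCode(); }, 500);
}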
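/**
 * Put a freshly requested captcha image into the #SafeCodeImg container.
 * A random query string is appended to the servlet URL, presumably so the
 * browser does not reuse a cached image.
 */
function ShowCode(){
    var SafeCodeImg = document.getElementById('SafeCodeImg');
    var url = "http://jwxt.hubu.edu.cn/verifycode.servlet?" + Math.random();
    // Build the element through the DOM instead of concatenating markup: the
    // original string ended in >' and so left a stray apostrophe after the
    // image, and its onclick attribute value was unquoted.
    var img = document.createElement('img');
    img.setAttribute('src', url);
    img.setAttribute('align', 'absmiddle');
    img.onclick = function(){ ReShowCode(); };
    SafeCodeImg.innerHTML = '';
    SafeCodeImg.appendChild(img);
}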
</script>
</head>
<!-- Login page markup: a hidden iframe, then the login form with user name, password, captcha and an image submit button. -->
<!-- Hidden frame; onSubmint() sets the form target to it when useraccount is not null. -->
<iframe style="display: none" name="frmIframe">
</iframe>
<!-- NOTE(review): the action is a plain http:// URL, so USERNAME and PASSWORD are posted without transport encryption; the page and the form action should use https. -->
<form name="frm" method=post action="http://jwxt.hubu.edu.cn/Logon.do?method=logon" onSubmit="return onSubmint();">
<body>
<div class="login_container">
<div class="login_content">
<div class="login_logo"></div>
<div class="login">
<table width="430" border="0" cellspacing="0" cellpadding="0">
<!-- Both system-type radio buttons below are commented out, so the page contains no element with id "xkxt_sel". -->
<tr><td width="112" align="right">
<!--
<input type="radio" value="jwxt" checked="checked" name="xtlx"/>教务系统 --> </td>
<td><!-- <input type="radio" id="xkxt_sel" value="xkxt" name="xtlx"/>选课系统 --></td></tr>
<tr>
<td width="112" height="25" align="right">用户名:</td>
<td colspan="2">
<label>
<input name="USERNAME" type="text" id="userAccount" size="22" class="dl_border" maxlength="32" value="" />
</label>
</td>
</tr>
<tr>
<td width="112" height="25" align="right">密 码:</td>
<td colspan="2">
<label>
<input type="password" name="PASSWORD" id="userPassword" value="" size="22" class="dl_border" maxlength="32" />
<!-- Two hidden inputs share the name useDogCode. -->
<input name="useDogCode" type="hidden" value="" />
<input name="useDogCode" id="useDogCode" type="hidden">
</label>
</td>
</tr>
<tr>
<td width="112" height="25" align="right">验证码:</td>
<td colspan="2">
<label>
<input type="text" name="RANDOMCODE" id="RANDOMCODE" style="height:16px;width:93px" size="22" class="dl_border" maxlength="32" />
<!-- Captcha image; clicking it calls ReShowCode() to load a new one. It is fetched over http like the rest of the page. -->
<span id="SafeCodeImg"> <img src="http://jwxt.hubu.edu.cn/verifycode.servlet" onclick="ReShowCode()" align="middle" width="62" height="22" /></span>
</td>
</tr>
<tr>
<td width="112" height="25" align="right"> </td>
<td align="left" colspan=2>
<font color=red><span id="errorinfo"></span> </font>
</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td height="25" valign=top>
<table width="100%" border=0>
<tr>
<!-- Image-style submit button, login_05.gif -->
<!-- An image submit button adds the click coordinates to the submitted data; this one has no name attribute, so they are sent as x and y. -->
<td width="100"><input type="image" src="http://jwxt.hubu.edu.cn/framework/images/login_05.gif" width="76" height="24" /></td>
<td align="left"><span style="font-size:9pt"><a href="http://jwxt.hubu.edu.cn/framework/enteraccount.jsp" >找回学生密码</a></span></td>
<td align="right"><span style="font-size:9pt"><a href="http://jwxt.hubu.edu.cn:8080/xkxt">学生选课入口</a></span></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
</table>
</td>
</tr>
<tr>
<td height="40"> </td>
<td colspan="2" style="padding-left:0px;padding-bottom:5px" align="left" valign="bottom">
<!-- NOTE(review): the vendor link below opens with target="_blank" and has no rel="noopener". -->
在线用户数:
3213
人 <a target="_blank" href="http://www.qzdatasoft.com"
class="copyright" title="湖南强智科技发展有限公司">技术支持 湖南强智科技发展有限公司</a>
</td>
</tr>
</table>
</div>
<div class="login_dy"></div>
</div>
</div>
</body>
</html>
<
script language="javascript">
// Startup search for an already logged-in account exposed by an enclosing window.
// useraccount stays null when nothing is found; onSubmint() reads it later.
var useraccount=null;
// p + pt is a JavaScript expression string ("window" followed by a chain of
// ".parent" / ".dialogArguments") that is evaluated with eval() below.
// NOTE(review): the eval() input is assembled only from these fixed fragments,
// not from user input, but plain property access would remove the need for eval().
var p="window";
var pt="";
// Search only when this page is framed or window.dialogArguments is defined.
if(window.parent!=window || eval(p+".dialogArguments")!=undefined){
// At most 20 attempts, each one step further along the chain.
for(var i=0;i<20;i++){
try{
// pt is extended before getUseraccount() is called, so when the call throws
// the extension is kept and the next iteration looks one level further.
if(eval(p+pt+".dialogArguments")==undefined){
pt+=".parent";
useraccount=eval(p+pt+".getUseraccount()");
}else{
pt+=".dialogArguments";
useraccount=eval(p+pt+".getUseraccount()");
}
// Reached only when getUseraccount() did not throw.
break;
// Any error is swallowed on purpose: the loop simply tries the next level.
}catch(e){}
}
}
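/**
 * onsubmit handler of the form named "frm".
 *
 * Returns false (cancel the submission) when the user name or password is
 * empty, or when an enclosing window already reported a different account.
 * Returns true otherwise; if the "xkxt_sel" radio exists and is checked, the
 * form action is first switched to the URL returned by selectServer().
 */
function onSubmint(){
    var form = document.frm;
    if (form.USERNAME.value == "" || form.PASSWORD.value == "" ){
        alert("请输入完整的登陆信息!");
        form.USERNAME.focus();
        form.USERNAME.select();
        return false;
    }
    // An enclosing window reported an account: submit into the hidden iframe.
    if(useraccount!=null)
        form.target="frmIframe";
    if(useraccount!=null && useraccount!=form.USERNAME.value){
        if(window.confirm("系统检查到您两次登录的账号不一致,是否确定用新账号登录?")){
            // Strip the window chain one segment at a time and close each
            // window on the way; the strings come from p and pt, which are
            // built only from fixed fragments, not from user input.
            var ppt=p+pt;
            while(ppt.lastIndexOf('.')!=-1){
                ppt=ppt.substring(0,ppt.lastIndexOf('.'));
                eval(ppt+".close()");
            }
            eval(p+pt+".reloadmian()");
        }else{
            form.reset();
        }
        return false;
    }
    // Decide whether to enter the course-selection system.
    // The radio with id "xkxt_sel" is commented out in this page's markup, so
    // getElementById returns null; without the null check, reading .checked
    // throws a TypeError inside the submit handler.
    var xkxt_sel = document.getElementById("xkxt_sel");
    if(!xkxt_sel || !xkxt_sel.checked){
        return true;
    }
    // NOTE(review): selectServer() in this file returns an http:// URL on a raw
    // IP address, so the credentials would be posted there unencrypted.
    form.action = selectServer(form.USERNAME.value);
    return true;
}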
// Once the page has loaded, put the cursor in the user-name field.
window.onload = function(){
    var accountField = document.getElementById('userAccount');
    accountField.focus();
};
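/**
 * Choose the login server URL from the user's account name.
 *
 * @param uName account name typed by the user
 * @returns the login URL: a server from the list plus "xk/LoginToXk", or the
 *          bare relative path when multi-server mode is switched off
 *
 * NOTE(review): the only configured server is a plain http:// URL on a raw IP
 * address, so a form posted to it carries the credentials unencrypted.
 */
function selectServer(uName){
    var enableServers = true; // whether multiple servers are enabled: true/false
    var serversArray = [];    // server list
    serversArray[0] = "http://202.114.144.179:8080/xkxt/";
    var loginUrl = "xk/LoginToXk";
    if(enableServers != true){
        return "" + loginUrl;
    }
    // Only a finite whole number may pick a server. The original indexed the
    // list with uName % length directly (wrapped in a pointless eval), which
    // yields a fractional, negative or NaN index for input such as "1.5",
    // "-3" or "1e999" and produced "undefinedxk/LoginToXk".
    var serverIndex = 0;
    var accountNumber = Number(uName);
    if(isFinite(accountNumber) && Math.floor(accountNumber) === accountNumber){
        serverIndex = Math.abs(accountNumber) % serversArray.length;
    }
    return serversArray[serverIndex] + loginUrl;
}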
</script>
form表单里只有USERNAME、PASSWORD、useDogCode、RANDOMCODE这几个字段,但是输入数据后点击提交,抓包看到的请求里还多了x和y两个参数。
RANDOMCODE是验证码,但是后面的x和y不知道是从哪里来的。对此很疑惑,希望有人能够解答,谢谢。
Answers
这是因为这句的原因:
<input type="image" src="/framework/images/login_05.gif" width="76" height="24">
。
当点击图片提交表单时,浏览器会默认把点击位置的坐标作为两个参数一起提交;由于这个input没有name属性,参数名就是x和y。
When a pointing device is used to click on the image, the form is submitted and the click coordinates passed to the server. The x value is measured in pixels from the left of the image, and the y value in pixels from the top of the image. The submitted data includes name.x=x-value and name.y=y-value where "name" is the value of the name attribute, and x-value and y-value are the x and y coordinate values, respectively.
如果想移除这两个参数的话,就直接使用
<input type="submit">
提交,然后设置背景为该图片即可。