提交form表单时抓包发现出现表单中没有的元素


网址: http://jwxt.hubu.edu.cn/
查看源码:


 <html xmlns="http://www.w3.org/1999/xhtml">
<script type="text/javascript" src="http://jwxt.hubu.edu.cn/js/jspublic.js"></script>


<script>
function ReShowCode(){
    var SafeCodeImg = document.getElementById('SafeCodeImg');
    SafeCodeImg.innerHTML='';
    var timeID = setTimeout('ShowCode()',500);
}
function ShowCode(){
    var SafeCodeImg = document.getElementById('SafeCodeImg');
    var url="http://jwxt.hubu.edu.cn/verifycode.servlet?"+Math.random();
    var htmlurl="<img src=\'"+url+"\' align=\'absmiddle\' onclick=ReShowCode();>'";
    SafeCodeImg.innerHTML=htmlurl;
}
</script>


    </head>
    <iframe style="display: none" name="frmIframe"> 
    </iframe>
    <form name="frm" method=post action="http://jwxt.hubu.edu.cn/Logon.do?method=logon" onSubmit="return onSubmint();">
        <body>
            <div class="login_container">
                <div class="login_content">
                    <div class="login_logo"></div>
                    <div class="login">
                        <table width="430" border="0" cellspacing="0" cellpadding="0">
                        <tr><td width="112" align="right">
                        <!-- 
                        <input type="radio" value="jwxt" checked="checked" name="xtlx"/>教务系统 --> </td>
                        <td><!-- <input type="radio" id="xkxt_sel" value="xkxt"  name="xtlx"/>选课系统 --></td></tr>
                            <tr>
                                <td width="112" height="25" align="right">用户名:</td>
                                <td colspan="2">
                                    <label>
                                        <input name="USERNAME" type="text" id="userAccount" size="22" class="dl_border" maxlength="32" value="" />
                                    </label>
                                </td>
                            </tr>
                            <tr>
                                <td width="112" height="25" align="right">密  码:</td>
                                <td colspan="2">
                                    <label>
                                        <input type="password" name="PASSWORD" id="userPassword" value="" size="22" class="dl_border" maxlength="32" />
                                        <input name="useDogCode" type="hidden" value="" />
                                        <input name="useDogCode" id="useDogCode" type="hidden">
                                    </label>
                                </td>
                            </tr>

                                <tr>
                                    <td width="112" height="25" align="right">验证码:</td>
                                    <td colspan="2">
                                        <label>
                                            <input type="text" name="RANDOMCODE" id="RANDOMCODE" style="height:16px;width:93px" size="22" class="dl_border" maxlength="32" />
                                            <span id="SafeCodeImg"> <img src="http://jwxt.hubu.edu.cn/verifycode.servlet" onclick="ReShowCode()" align="middle" width="62" height="22" /></span>
                                    </td>
                                </tr>

                            <tr>
                                <td width="112" height="25" align="right"> </td>
                                <td align="left" colspan=2>
                                    <font color=red><span id="errorinfo"></span> </font>
                                </td>
                            </tr>
                            <tr>
                                <td> </td>
                                <td> </td>
                                <td height="25" valign=top>
                                    <table width="100%" border=0>
                                        <tr>
                                            <!--用图片式的提交按钮login_05.gif-->
                                            <td width="100"><input type="image" src="http://jwxt.hubu.edu.cn/framework/images/login_05.gif" width="76" height="24" /></td>
                                            <td align="left"><span style="font-size:9pt"><a href="http://jwxt.hubu.edu.cn/framework/enteraccount.jsp" >找回学生密码</a></span></td>
                                            <td align="right"><span style="font-size:9pt"><a href="http://jwxt.hubu.edu.cn:8080/xkxt">学生选课入口</a></span></td>
                                        </tr>
                                        <tr>
                                            <td colspan=2> </td>
                                        </tr>
                                    </table>
                                </td>
                            </tr>
                            <tr>
                                <td height="40"> </td>
                                <td colspan="2" style="padding-left:0px;padding-bottom:5px" align="left" valign="bottom">
                                    在线用户数:
                                    3213
                                    人  <a  target="_blank" href="http://www.qzdatasoft.com" 
                                    class="copyright" title="湖南强智科技发展有限公司">技术支持 湖南强智科技发展有限公司</a>
                                </td>
                            </tr>
                        </table>
                    </div>
                    <div class="login_dy"></div>
                </div>
            </div>
        </body>
</html>


<

script language="javascript">
var useraccount=null;
var p="window";
var pt="";

if(window.parent!=window || eval(p+".dialogArguments")!=undefined){
    for(var i=0;i<20;i++){
        try{
            if(eval(p+pt+".dialogArguments")==undefined){
                pt+=".parent";
                useraccount=eval(p+pt+".getUseraccount()");
            }else{
                pt+=".dialogArguments";
                useraccount=eval(p+pt+".getUseraccount()");
            }
            break;
        }catch(e){}
    }
}

function onSubmint(){

    if (document.frm.USERNAME.value == "" || document.frm.PASSWORD.value == "" ){
        alert("请输入完整的登陆信息!");
        document.frm.USERNAME.focus();
        document.frm.USERNAME.select();
        return false;
    }
    if(useraccount!=null)
        document.frm.target="frmIframe";
    if(useraccount!=null && useraccount!=document.frm.USERNAME.value){
        if(window.confirm("系统检查到您两次登录的账号不一致,是否确定用新账号登录?")){
            var ppt=p+pt;
            while(ppt.lastIndexOf('.')!=-1){
                ppt=ppt.substring(0,ppt.lastIndexOf('.'));
                eval(ppt+".close()");
            }
            eval(p+pt+".reloadmian()");
        }else{
            document.frm.reset();
        }
        return false;
    }

    //判断是否启用进入选课系统
    var xkxt_sel = document.getElementById("xkxt_sel");
    if(!xkxt_sel.checked){
        return true;
    }
    document.frm.action = selectServer(document.frm.USERNAME.value);

    return true;
}

window.onload = function(){
    document.getElementById('userAccount').focus();
}


//根据用户帐号选择登录服务器
function selectServer(uName){
    var enableServers = true;//是否启用多服务器 true/false
    var serversArray = new Array();//服务器列表


        serversArray[0] = "http://202.114.144.179:8080/xkxt/";


    var loginUrl = "xk/LoginToXk";
    if(enableServers == true){
        if(!isNaN(uName)){//必须为数字
            var modVal = eval(uName % serversArray.length);
            loginUrl = serversArray[modVal] + loginUrl;
        }else{
            loginUrl = serversArray[0] + loginUrl;
        }
    }else{
        loginUrl = ""+ loginUrl;
    }
    return loginUrl;
}
</script>

form表单只有USERNAME,password,useDogCode,RANDOMCODE这几个值,但是在输入数据后点提交,抓包看到 图片描述

randomcode是验证码,但是后面的x和y不知道从哪里出来的。对此很疑惑,希望能有人能够解答,谢谢

http form HTML

G線上D瀉藥 9 years, 8 months ago

一般X,Y都是只代表一些位置信息,没有用的。那可以把那值写死即可

2428750 answered 9 years, 8 months ago

x,y是你点击登录按钮的位置信息

万年受QAQ answered 9 years, 8 months ago

这是因为这句的原因: <input type="image" src="/framework/images/login_05.gif" width="76" height="24">
当点击图片提交表单时就会默认加上这两个参数。

When a pointing device is used to click on the image, the form is submitted and the click coordinates passed to the server. The x value is measured in pixels from the left of the image, and the y value in pixels from the top of the image. The submitted data includes name.x=x-value and name.y=y-value where "name" is the value of the name attribute, and x-value and y-value are the x and y coordinate values, respectively.

如果想移除这两个参数的话,就直接使用 <input type="submit"> 提交,然后设置背景为该图片即可。

Jacks answered 9 years, 8 months ago

Your Answer