tor.leo
На странице сразу запрашивается авторизация. При сканировании был обнаружен robots.txt с таким содержимым:
Содержимое:
<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<meta http-equiv="Cache-Control" content="no-cache">
<link rel="SHORTCUT ICON" href="/favicon.ico">
<title>Login</title>
<script language="JavaScript">
// Standard Base64 alphabet: index = 6-bit value, character = its encoding.
var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Reverse lookup for decoding: 128 entries indexed by character code.
// Each entry is the 6-bit value of that character, or -1 when the character
// is not part of the alphabet. Derived from the alphabet above so the two
// tables cannot drift apart.
var base64DecodeChars = (function () {
  var table = [];
  var k;
  for (k = 0; k < 128; k++) {
    table[k] = -1;
  }
  for (k = 0; k < base64EncodeChars.length; k++) {
    table[base64EncodeChars.charCodeAt(k)] = k;
  }
  return table;
})();
/**
 * Base64-encode a string, three input characters per four output characters.
 *
 * Only the low 8 bits of each UTF-16 code unit take part in the encoding
 * (every use of a character code is masked), so characters above U+00FF are
 * not preserved. Output is padded with "=" to a multiple of four characters.
 *
 * Base64 is a reversible encoding, not encryption: the result offers no
 * confidentiality for whatever is passed in.
 *
 * @param {string} str - text to encode
 * @returns {string} Base64 text
 */
function base64encode(str) {
  var alphabet = base64EncodeChars;
  var total = str.length;
  var encoded = "";

  for (var pos = 0; pos < total; pos += 3) {
    var remaining = total - pos;
    var b0 = str.charCodeAt(pos) & 0xff;

    // First output character always comes from the top six bits of byte 0.
    encoded += alphabet.charAt(b0 >> 2);

    if (remaining === 1) {
      // One trailing byte: two data characters plus two pad characters.
      encoded += alphabet.charAt((b0 & 0x3) << 4);
      encoded += "==";
      break;
    }

    var b1 = str.charCodeAt(pos + 1);
    encoded += alphabet.charAt(((b0 & 0x3) << 4) | ((b1 & 0xF0) >> 4));

    if (remaining === 2) {
      // Two trailing bytes: three data characters plus one pad character.
      encoded += alphabet.charAt((b1 & 0xF) << 2);
      encoded += "=";
      break;
    }

    var b2 = str.charCodeAt(pos + 2);
    encoded += alphabet.charAt(((b1 & 0xF) << 2) | ((b2 & 0xC0) >> 6));
    encoded += alphabet.charAt(b2 & 0x3F);
  }

  return encoded;
}
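/**
 * Decode Base64 text into a string of 8-bit character codes.
 *
 * Characters that are not in the Base64 alphabet are skipped. Decoding stops
 * at the first "=" seen in the third or fourth position of a group, or when
 * the input runs out.
 *
 * Fix over the previous version: the lookup table has only 128 entries, so a
 * character code of 128..255 used to read past its end, yield `undefined`,
 * pass the `== -1` check and be decoded as if it were a valid symbol. Such
 * codes are now treated like any other non-alphabet character and skipped.
 *
 * @param {string} str - Base64 text (here: cookie values written by the page)
 * @returns {string} decoded text
 */
function base64decode(str) {
  var c1, c2, c3, c4;
  var i = 0;
  var len = str.length;
  var out = "";

  // Map a character code (already masked to 0..255) to its 6-bit value,
  // or -1 when the code is outside the table or not in the alphabet.
  function toSextet(code) {
    var v = base64DecodeChars[code];
    return v === undefined ? -1 : v;
  }

  while (i < len) {
    /* c1: first symbol of the group, skipping non-alphabet characters */
    do {
      c1 = toSextet(str.charCodeAt(i++) & 0xff);
    } while (i < len && c1 == -1);
    if (c1 == -1) {
      break;
    }

    /* c2: second symbol; completes the first output byte */
    do {
      c2 = toSextet(str.charCodeAt(i++) & 0xff);
    } while (i < len && c2 == -1);
    if (c2 == -1) {
      break;
    }
    out += String.fromCharCode((c1 << 2) | ((c2 & 0x30) >> 4));

    /* c3: third symbol, or "=" (61) which ends the data */
    do {
      c3 = str.charCodeAt(i++) & 0xff;
      if (c3 == 61) {
        return out;
      }
      c3 = toSextet(c3);
    } while (i < len && c3 == -1);
    if (c3 == -1) {
      break;
    }
    out += String.fromCharCode(((c2 & 0XF) << 4) | ((c3 & 0x3C) >> 2));

    /* c4: fourth symbol, or "=" (61) which ends the data */
    do {
      c4 = str.charCodeAt(i++) & 0xff;
      if (c4 == 61) {
        return out;
      }
      c4 = toSextet(c4);
    } while (i < len && c4 == -1);
    if (c4 == -1) {
      break;
    }
    out += String.fromCharCode(((c3 & 0x03) << 6) | c4);
  }
  return out;
}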
// Opened as a popup: send the opening window to this login URL instead and
// close the popup, so the login always happens in the main window.
if (window.opener) {
  window.opener.location.href = document.location.href;
  self.close();
}

// Loaded inside a frame: replace the top-level document with this page.
// NOTE(review): this is script-only frame busting; a response header such as
// X-Frame-Options or CSP frame-ancestors is the robust control - confirm what
// the server actually sends.
if (top.location != document.location) {
  top.location.href = document.location.href;
}
// Browser sniffing: feature checks first, then user-agent substrings.
var is_DOM = !!document.getElementById;
var is_NS4 = !!(document.layers && !is_DOM);
var sAgent = navigator.userAgent;
var bIsIE = sAgent.indexOf("MSIE") !== -1;
var bIsNS = is_NS4 || sAgent.indexOf("Netscape") !== -1;
var bIsMoz5 = sAgent.indexOf("Mozilla/5") !== -1 && !bIsIE;

// Write a browser-specific inline stylesheet into the document head.
if (is_NS4 || bIsMoz5) {
  // Netscape 4 / Mozilla 5 path: only the spacer background is styled here.
  // NOTE(review): "tansparent.gif" looks like a misspelling of "transparent";
  // left as-is because it is the path the page requests.
  document.writeln("<style type=\"text/css\">");
  document.writeln(".spacer { background-image : url(\"/images/tansparent.gif\"); background-repeat : repeat; }");
  document.writeln(".operadummy {}");
  document.writeln("</style>");
} else if (is_DOM) {
  // Other DOM-capable browsers: the logon image is centred as the body background.
  document.writeln("<style type=\"text/css\">");
  document.writeln("body {");
  document.writeln(" font-family: \"Verdana\", \"Arial\", \"Helvetica\", \"sans-serif\";");
  document.writeln(" background-color : #FFFFFF;");
  document.writeln(" background-image: URL(\"/images/logon.gif\");");
  document.writeln(" background-repeat: no-repeat;");
  document.writeln(" background-position: center;");
  document.writeln("}");
  document.writeln(".spacer {}");
  document.writeln(".operadummy {}");
  document.writeln("</style>");
}
/**
 * Remove the leading run of non-word characters from a string.
 *
 * Despite the name this strips more than spaces: anything matching \W
 * (i.e. not a letter, digit or underscore) at the start is dropped.
 * Trailing characters are left untouched.
 *
 * @param {string} x - input text
 * @returns {string} text without its leading non-word characters
 */
function stripSpace(x) {
  var leadingNonWord = /^\W+/;
  return x.replace(leadingNonWord, "");
}
// Page-load timestamp and the cookie expiry derived from it (365 days later).
var today = new Date();
var expires = new Date(today.valueOf() + 365 * 86400000);

// Not assigned anywhere else in this page's script.
var timer = null;

// Length of the real password inside the (star-padded) password field;
// maintained by get_cookies() and checkPassword(), read by checkIt().
var nlen = 0;
/**
 * Write one cookie through document.cookie.
 *
 * The value is passed through escape(); each optional attribute is appended
 * only when its argument is truthy. Cookies written from script cannot carry
 * HttpOnly, and this helper has no SameSite parameter.
 *
 * @param {string} name - cookie name
 * @param {string} value - cookie value (escaped before writing)
 * @param {Date} [expires] - expiry date; omitted means a session cookie
 * @param {string} [path] - Path attribute
 * @param {string} [domain] - Domain attribute
 * @param {boolean} [secure] - when truthy, adds the Secure attribute
 */
function Set_Cookie(name, value, expires, path, domain, secure) {
  var parts = [name + "=" + escape(value)];

  if (expires) {
    parts.push("expires=" + expires.toGMTString());
  }
  if (path) {
    parts.push("path=" + path);
  }
  if (domain) {
    parts.push("domain=" + domain);
  }
  if (secure) {
    parts.push("secure");
  }

  document.cookie = parts.join(";");
}
// Cookie support probe: write a marker cookie, then check it can be read back.
Set_Cookie("has_cookie", "1", expires);
var has_cookie = Get_Cookie("has_cookie") != null;
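/**
 * Read one cookie by exact name from document.cookie.
 *
 * Fix over the previous version: it located the cookie with
 * indexOf(name + "="), which also matches inside a longer name, so a cookie
 * called e.g. "xmingzi" could be returned for "mingzi". The cookie string is
 * now split into pairs and the name compared exactly, so only the requested
 * cookie can supply the value.
 *
 * @param {string} name - cookie name to look up
 * @returns {string|null} unescape()d value of the first matching cookie,
 *   or null when no cookie has that name
 */
function Get_Cookie(name) {
  var pairs = document.cookie.split(";");
  for (var k = 0; k < pairs.length; k++) {
    // Pairs are separated by "; " - drop the leading whitespace only.
    var pair = pairs[k].replace(/^\s+/, "");
    var eq = pair.indexOf("=");
    if (eq === -1) {
      continue;
    }
    if (pair.substring(0, eq) === name) {
      // Everything after the first "=" is the value (it may contain "=").
      return unescape(pair.substring(eq + 1));
    }
  }
  return null;
}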
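/**
 * Persist or clear the "remember me" cookies from the hidden form fields.
 *
 * When cookies work and the checkbox is ticked, fm.un is stored as "mingzi"
 * and fm.pw as "kouling", both with the page-wide `expires` date. Otherwise
 * any existing cookie of that name is expired.
 *
 * SECURITY NOTE: checkIt() fills fm.un / fm.pw with Base64 text before
 * calling this, so the password ends up in a long-lived cookie in a
 * reversible encoding. Set_Cookie is called without path, domain or secure,
 * so the cookie is not restricted to HTTPS. Anyone who can read the browser's
 * cookies can recover the password; this is flagged rather than changed
 * because the login flow depends on it.
 *
 * Fix over the previous version: `cookie_name` was assigned without being
 * declared and leaked into the global scope; it is now a local variable.
 */
function save_cookies() {
  var fm = document.forms[0];
  // The checkbox only exists when has_cookie is true, hence the short-circuit.
  var remember = has_cookie && fm.save_username_info.checked;
  var stored = [
    ["mingzi", fm.un],
    ["kouling", fm.pw]
  ];

  for (var k = 0; k < stored.length; k++) {
    var cookie_name = stored[k][0];
    if (remember) {
      Set_Cookie(cookie_name, stored[k][1].value, expires);
    } else if (Get_Cookie(cookie_name)) {
      // Expire the cookie by giving it a date in the past.
      document.cookie = cookie_name + "=" +
        "; expires=Thu, 01-Jan-70 00:00:01 GMT";
    }
  }
}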
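// Raw value of the "kouling" cookie as last read by get_cookies()
// (still Base64-encoded), or null when the cookie is absent.
var admin_pw = null;

/**
 * Pre-fill the login form from the "remember me" cookies.
 *
 * The user name ("mingzi") and password ("kouling") cookies are Base64-decoded
 * into the visible fields. The password field is then padded with "*" up to
 * 31 characters, the real length is kept in the global `nlen`, and the padded
 * text is mirrored into the hidden fm.pw field so checkIt() can tell whether
 * the user edited it.
 *
 * SECURITY NOTE: the saved password is restored in clear text into the form
 * by script, so it is available to anything that can read the cookie or the
 * DOM of this page.
 *
 * Fix over the previous version: `admin_id` and `star` were assigned without
 * being declared and leaked into the global scope; both are now locals.
 */
function get_cookies() {
  var fm = document.forms[0];

  var admin_id = Get_Cookie("mingzi");
  if (admin_id != null) {
    fm.admin_id.value = base64decode(admin_id);
    fm.save_username_info.checked = true;
  }

  admin_pw = Get_Cookie("kouling");
  if (admin_pw != null) {
    fm.admin_pw.value = base64decode(admin_pw);
    fm.save_username_info.checked = true;
    nlen = fm.admin_pw.value.toString().length;
    // Pad to 31 characters so the field does not reveal the password length.
    var star = "***********************************";
    fm.admin_pw.value += star.substring(0, 31 - nlen);
  } else {
    fm.admin_pw.value = "";
  }

  fm.pw.value = fm.admin_pw.value;
  fm.admin_id.select();
  fm.admin_id.focus();
}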
/**
 * onChange handler of the password field.
 *
 * When the visible password no longer equals the hidden fm.pw copy (the user
 * typed something), record its length in the global `nlen`, capped at 31.
 * Nothing happens while the two values still match.
 */
function checkPassword() {
  var form = document.forms[0];
  var typed = form.admin_pw.value;

  if (typed == form.pw.value) {
    return;
  }
  nlen = Math.min(typed.toString().length, 31);
}
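/**
 * onsubmit handler: prepare the hidden fields that are actually posted.
 *
 * - fm.time receives characters 4..12 of the current millisecond timestamp.
 * - fm.un / fm.pw receive the Base64-encoded name and password.
 * - If the password field still equals the star-padded value that
 *   get_cookies() put there, only its first `nlen` characters (the real
 *   password) are encoded.
 * - The visible fields are cleared so they are not posted in clear text.
 *
 * SECURITY NOTE: Base64 is an encoding, not encryption. The posted `un`/`pw`
 * values are trivially reversible, so confidentiality of the login depends
 * entirely on the transport (TLS), not on this function.
 *
 * Fix over the previous version: `name` and `pass` were assigned without
 * being declared. In a browser the undeclared `name` is window.name, which
 * survives navigation within the same tab, so the admin user name was left
 * readable by whatever page loads next. Both are now local variables.
 *
 * @returns {boolean} true to let the form submit (both fields non-empty),
 *   false to block submission
 */
function checkIt() {
  var fm = document.forms[0];
  var d = new Date();
  fm.time.value = d.getTime().toString().substring(4, 13);

  var name = fm.admin_id.value;
  var pass = fm.admin_pw.value;

  if ((name.length > 0) && (pass.length > 0)) {
    fm.un.value = base64encode(name);
    if (pass != fm.pw.value) { // password changed by the user
      fm.pw.value = base64encode(pass);
    } else { // untouched pre-filled value: drop the star padding
      fm.pw.value = base64encode(pass.substring(0, nlen));
    }
    save_cookies();
    fm.admin_id.value = "";
    fm.admin_pw.value = "";
    return true;
  }
  return false;
}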
/**
 * Event handler that always vetoes the action it is attached to.
 * Not referenced by the markup shown on this page.
 *
 * @returns {boolean} always false
 */
function cancelIt() {
  var allow = false;
  return allow;
}
/**
 * Pre-fill the form from the saved cookies, select the user-name field and
 * run the submit preparation.
 *
 * @returns {boolean} whatever checkIt() returns
 */
function auto_submit() {
  var loginForm = document.forms[0];
  get_cookies();
  loginForm.admin_id.select();
  var ready = checkIt();
  return ready;
}
/**
 * onFocus handler of the password field: select its whole content, so typing
 * replaces the pre-filled (star-padded) value instead of appending to it.
 */
function testSelect() {
  var passwordField = document.forms[0].admin_pw;
  passwordField.select();
}
/**
 * Write the "Remember my name and password" table row into the document.
 * Nothing is written when the cookie probe (`has_cookie`) failed.
 *
 * `txt` is placed unescaped into the name attribute; the page only calls
 * this with a fixed literal, and it must stay that way.
 *
 * @param {string} txt - name attribute for the checkbox input
 */
function write_one_check_box(txt)
{
  if (!has_cookie) {
    return;
  }
  document.writeln("<tr align='center' valign='middle'>");
  document.writeln("<td align='center' colspan='2' style='color:white;font-size:10pt;'>");
  document.writeln("<in"+"put name='"+txt+"' type='checkbox' tabindex='3'>");
  document.writeln("Remember my name and password</td></tr>");
}
/**
 * Reload the page by assigning the current location back to the document.
 * Installed as the resize handler further down in this script.
 */
function reloadNow() {
  var here = document.location;
  document.location = here;
}
// Top margin (px) that vertically centres the 330px-high login table.
// Only computed for the layers / Mozilla 5 path; stays 0 otherwise.
var margin_top = 0;
if (document.layers || bIsMoz5) {
  margin_top = Math.max(0, (window.innerHeight - 330) / 2);
  // Re-render on resize so the margin is recomputed.
  // NOTE(review): the standard handler property is lowercase `onresize`;
  // confirm whether this assignment ever fires in the targeted browsers.
  window.onResize = reloadNow;
}
</script>
</head>
<body bgcolor="White" link="Black" onLoad="get_cookies();">
<noscript>
<h1>This WebUI administration tool requires scripting support.</h1>
<h2>Please obtain the latest version of browsers which support the Javascript language or
enable scripting by changing the browser setting
if you are using the latest version of the browsers.
</h2>
</noscript>
<FORM method="POST" name="login" autocomplete="off" onsubmit="return checkIt();" ACTION="/index.html">
<script language="javascript">
// Open the outer layout table: Mozilla 5 gets an explicit top margin,
// every other browser a full-height table.
document.writeln(
  (bIsMoz5 && (margin_top > 0))
    ? "<table width='100%' border='0' cellspacing='0' cellpadding='0' style='margin-top: " + margin_top + "px;'>"
    : "<table width='100%' height='100%' border='0' cellspacing='0' cellpadding='0'>"
);
</script>
<tr align="center" valign="middle" style="width: 471px; height: 330px;">
<td align="center" valign="middle" scope="row">
<script language="javascript">
// Open the inner table: the Netscape 4 / Mozilla 5 path carries the logon
// image as a table background, the other path relies on the body background.
document.writeln(
  (is_NS4 || bIsMoz5)
    ? "<table background='/images/logon.gif' width='471' height='330' border='0' cellpadding='0' cellspacing='0'>"
    : "<table border='0' cellpadding='0' cellspacing='0'>"
);
</script>
<tr align="center" valign="middle">
<td width="100%" align="center" valign="middle">
<table bgcolor='' background='' border='0'>
<tr align="center" valign="middle">
<th align="right" style="color:white;font-size:10pt;">Admin Name: </th>
<td align="left" style="color:white;font-size:10pt;"><INPUT type=text name="admin_id" tabindex="1" SIZE="21" MAXLENGTH="31" VALUE="">
</td>
</tr>
<tr align="center" valign="middle">
<th align="right" style="color:white;font-size:10pt;">Password: </th>
<td align="left" style="color:white;font-size:10pt;"><INPUT type="password" name="admin_pw" tabindex="2" onFocus="testSelect();" onChange="checkPassword();" SIZE="21" MAXLENGTH="31" VALUE="">
</td>
</tr>
<script language="javascript">
// Emit the "Remember my name and password" checkbox row; the row is only
// written when the cookie probe succeeded (has_cookie is true).
write_one_check_box("save_username_info");
</script>
<tr align="center" valign="middle">
<td> </td>
<td align="left">
<INPUT type="submit" tabindex=\ "4\" VALUE=" Login ">
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<INPUT type="hidden" name="time" VALUE="0">
<INPUT type="hidden" name="un" VALUE="">
<INPUT type="hidden" name="pw" VALUE="">
</FORM>
</body>
</html>
Что можете хорошего подсказать?