DZ Forum login Post data analysis

Http://azhus.com/thread-16-1-1.html

As shown in the figure, is a screenshot of two ways to login (HttpWatch is a very good grab bag tool, you can search in the forum, there are downloaded)
Note: DZ Forum API interface are the same, if you want to modify the content of this analysis data, only need to change the azhus.com to other forum domain name. (Reprint please famous source Ah ...)

The first way, I was directly in the forum to grab the package. The advantage of this login is that if the account is not covered, a post can be directly logged in. Post Address: http://azhus.com/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes& Lssubmit=yes&inajax=1

Post data: Fastloginfield=username&username= + "Account" + &password= + "MD5 encryption (password)" + &quickforward=yes& Handlekey=ls Copy Code if the account is not covered, the following two results will be returned if the login is successful: <blockquote><?xml version= "1.0" encoding= "utf-8"?> copy Code If you return to either of these two, this means that the landing was successful. return: <?xml version= "1.0" encoding= "Utf-8"?>
<root><! [Cdata[<script type= "Text/javascript" reload= "1" >if (typeof errorhandle_ls== ' function ') {Errorhandle_ls (', {') Type ': ' 1 '}); </script><script type= "Text/javascript" >showwindow (' login ', ' Member.php?mod=logging&action=login &auth=*** Copy Code Description The password is correct but needs to be covered. It will take more than a few jumps at this time. Packet 1 inside can see, when the account has secret insurance, will be more than a get. Get data: Http://azhus.com/member.php?mod=logging&action=login&auth= + "auth" + &referer=http%3a%2f% 2fazhus.com%2f&infloat=yes&handlekey=login&inajax=1&ajaxtarget=fwin_content_login Copy Code What is the auth of this get in the above? By testing the packet you can see that the data returned in the first post is actually managed to be removed.

Capture packet data can be seen, when the secret insurance questions and answers are filled out, there is another post. Post address: http://azhus.com/member.php?mod=logging&action=login& loginsubmit=yes&handlekey=login&loginhash= + "Loginhash" + &inajax=1 copy code above this post, Formhash can be retrieved from the get return of the previous step, and Loginhash is also obtained from the Get Return data. Auth is the first step back, has been used.
As for the last parameter "after UTF8 coded secret security Answer", there is a regular, I use "this +1a," as the secret answer, the test rule is: The space is replaced by the + number, Chinese and the symbol is replaced with UTF8 encoding, the number of letters is not replaced.

OK, so you can log in successfully!


Of course, there is a second way of logging in:
I am from the login page: Http://azhus.com/member.php?mod=logging&action=login crawled packets, as shown in Figure II and packet 2.
Here can be found that this page login only one post, in fact, is very convenient. Post address: http://azhus.com/member.php?mod=logging&action=login&loginsubmit=yes&loginhash= + "Loginhash" + &inajax=1 Copy code where did Loginhash and Formhash from the post come from? In fact, just by the get address: http://azhus.com/member.php?mod=logging& Action=login, from the return of the source of the Web page can be removed.
As long as a post, you can login successfully!

Appendix:
I. The data returned are as follows:
1. * * * Welcome back * * * Now will be transferred to the pre-login page (this is a successful landing
2. * * * Login failed, you can also try * * * * (this is a password error
3. * * * Please select Security questions and fill in the correct answer * * * This is the correct password but has set the secret insurance and the secret answer fill in the wrong
4. * * * Password error too many times, please log back in 15 minutes * * (This does not explain more, as the name implies
5. * * * Sorry, password empty or contain illegal characters * * * (this sometimes because of the network error or something, if not really did not fill in the password, it must be because of the network error
6. <?xml version= "1.0" encoding= "Utf-8"? ><root><! [Cdata[<script type= "Text/javascript" reload= "1" >window.location.href= ' http://azhus.com/./'; </script >]]></root>
(This indicates a successful login, if it is a browser, this will be displayed as a welcome page.)