Using iframe techniques to obtain visitor QQ implementation ideas and sample code

Today at work, a friend I added temporarily asked me how to use a web page to obtain the visitor's QQ.

I had never come across this before and felt very curious, but my brain was very excited and quick at work, and I used the knowledge I had learned to quickly think of a trick, which was to assume that the user had already entered the space or mailbox through QQ before entering the page we set. Yes, there will definitely be cookies left on our computer's browser, so how can we try to do something with this cookie? So I searched on Google and found a closer answer in less than a few seconds, but the original poster who asked the question got nearly 90% of the answer wrong, and died on 10%, so I will make up for this 10%.

http://kf.qq.com/cgi-bin/loginTitle?rand, yes, it is this link. If you click this link, you will jump to a page, which returns the XML format, as shown below

Copy code

The code is as follows:

<root>
<er>0</er>
<login>1</login>
<nick>Nickname</nick>
<uin>QQ number</uin>
</root>

Oh my god, this is such a cool thing, it’s solved in an instant. The original poster found this link but didn't figure it out. He was thinking of using ajax or something, but he didn't know how awesome our big iframe is. By putting an iframe with 0 width and height on the page, as long as the user has logged in to QQ-related websites before and left cookies on the browser, the QQ number and nickname can be obtained. Of course, if the user logs in to two QQ numbers at the same time, only one QQ number can be obtained, and the nickname is empty. If the user is not logged in, three zeros will be displayed. Let me tell you secretly, you can also use this iframe to do xss. What, I don’t do xss, I’m a good person, yeah, yes, that’s right.

Copy code

The code is as follows:

Just like that, I got the visitor’s QQ number, and I don’t have to do any more work. What? I don’t know what the next job is, marketing, entering your page shows that there is an intention, I won’t say more.

After reading this, if it is useful to you, you don’t have to thank me. If you really want to thank me, please call me Lei Feng.

<<: Practical notes on installing Jenkins with docker-compose

>>: MySQL slave library Seconds_Behind_Master delay summary

Detailed explanation of ssh password-free login configuration method (pictures and commands)

Using iframe techniques to obtain visitor QQ implementation ideas and sample code

Detailed explanation of ssh password-free login configuration method (pictures and commands)

A bug fix for Tomcat's automatic shutdown

How to recompile Nginx and add modules

JavaScript MouseEvent Case Study

Tomcat reports an error when starting the springboot project war package: Error when starting the child

Detailed explanation of several commands in Linux to obtain detailed hardware information

Using js to achieve waterfall effect

User experience analysis of facebook dating website design

Docker mounts local directories and data volume container operations

Methods of adaptive web design (good access experience on mobile phones)

Recommend

Some tips for writing high-performance HTML applications

Analysis of the usage of replace and regexp for regular expression replacement in MySQL

Summary of commonly used tags in HTML (must read)

Example code for configuring monitoring items and aggregated graphics in Zabbix

How to change password and set password complexity policy in Ubuntu

CocosCreator Getting Started Tutorial: Network Communication

Detailed explanation of the use of default in MySQL

Nginx cache files and dynamic files automatic balancing configuration script

The difference between Update and select in MySQL for single and multiple tables, and views and temporary tables

VMware Workstation 14 Pro installs CentOS 7.0

HTML elements (tags) and their usage

Nginx stream configuration proxy (Nginx TCP/UDP load balancing)

What are the advantages of MySQL MGR?

Introduction to MySQL Connection Control Plugin

What does input type mean and how to limit input