Today at work, a friend I added temporarily asked me how to use a web page to obtain the visitor's QQ. I had never come across this before and felt very curious, but my brain was very excited and quick at work, and I used the knowledge I had learned to quickly think of a trick, which was to assume that the user had already entered the space or mailbox through QQ before entering the page we set. Yes, there will definitely be cookies left on our computer's browser, so how can we try to do something with this cookie? So I searched on Google and found a closer answer in less than a few seconds, but the original poster who asked the question got nearly 90% of the answer wrong, and died on 10%, so I will make up for this 10%. http://kf.qq.com/cgi-bin/loginTitle?rand, yes, it is this link. If you click this link, you will jump to a page, which returns the XML format, as shown below Copy code The code is as follows:<root> <er>0</er> <login>1</login> <nick>Nickname</nick> <uin>QQ number</uin> </root> Oh my god, this is such a cool thing, it’s solved in an instant. The original poster found this link but didn't figure it out. He was thinking of using ajax or something, but he didn't know how awesome our big iframe is. By putting an iframe with 0 width and height on the page, as long as the user has logged in to QQ-related websites before and left cookies on the browser, the QQ number and nickname can be obtained. Of course, if the user logs in to two QQ numbers at the same time, only one QQ number can be obtained, and the nickname is empty. If the user is not logged in, three zeros will be displayed. Let me tell you secretly, you can also use this iframe to do xss. What, I don’t do xss, I’m a good person, yeah, yes, that’s right. Copy code The code is as follows:<iframe src="http://kf.qq.com/cgi-bin/loginTitle?rand"></iframe> Just like that, I got the visitor’s QQ number, and I don’t have to do any more work. What? I don’t know what the next job is, marketing, entering your page shows that there is an intention, I won’t say more. After reading this, if it is useful to you, you don’t have to thank me. If you really want to thank me, please call me Lei Feng. |
<<: Practical notes on installing Jenkins with docker-compose
>>: MySQL slave library Seconds_Behind_Master delay summary
at at + time at 17:23 at> touch /mnt/file{1..9...
The installation tutorial of mysql 8.0.11 winx64 ...
Let’s not start with the introduction and get str...
【Foreword】 Recently I want to stress test ITOO...
Wildcard categories: %Percent wildcard: indicates...
MySQL InnoDB monitoring (system layer, database l...
1. What is semanticization? Explanation of Bing D...
What is my.ini? my.ini is the configuration file ...
As the first article of this study note, we will ...
When Mysql associates two tables, an error messag...
background Before starting the article, let’s bri...
I suddenly thought of this method when I was writi...
1. Check whether MySQL is installed yum list inst...
Table of contents As a global variable Variable H...
Data Types and Operations Data Table 1.1 MySQL ty...