|
|
本帖最后由 lph1216 于 2014-5-11 22:47 编辑
固件版本:V1R006C00S122
IE输入192.168.1.1,就在这个登录页面,红色方框处
为了工作,按http://jingyan.baidu.com/article/ad310e80b6c68f1848f49e7c.html 开启IE11的企业模式。。。闲得无聊进入光猫看看。。但我并没输入超级账号和密码登录,只是刷新了一下登录页面。。。瞬间。。。就在那刷新的半秒瞬间,在“确定”的左边闪现了“路由设置”这么一个按钮。。。的确是个按钮。。。。只出现在刷新的半秒,接着消失。。。
然后,我就在该页面右键》查看源。。。。在最后面几行。。。除了“确定”、“取消”、“设备注册”之外。。。还真有“路由设置”。。。。
只是我不懂怎么把这个隐藏的按钮搞出来,进去看看有什么稀奇。。。。呵呵,呼唤高手
以下是登录页面的源代码:注意看最后几行就行了
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
#div_visite {
margin-left: 50px;
margin-top: 100px;
margin-right: 50px;
margin-bottom: 100px;
font-family: "宋体";
font-size: 12px;
color: #333333;
}
table {
font-family: "宋体";
font-size: 15px;
}
</style>
<script language="JavaScript" src="js/md5.js?688846"></script>
<script language="JavaScript" type="text/javascript">
function stResultInfo(domain,Result, Status,RegIsSuccedFlag)
{
this.domain = domain;
this.Result = Result;
this.Status = Status;
this.RegIsSuccedFlag = RegIsSuccedFlag;
}
function GetRandCnt() { return 688846; }
function MD5(str) { return hex_md5(str); }
var LoginTimes = 0;
var ProductName = 'HG8245';
var Var_DefaultLang = 'chinese';
var Language = "chinese";
document.title = ProductName;
var stResultInfos = new Array(new stResultInfo("InternetGatewayDevice.X_HW_UserInfo","1","0","0"),null);
var Infos = stResultInfos[0];
function stFJWebFlag(FJWebFlag)
{
this.FJWebFlag = FJWebFlag;
}
var stFJWebFlags = new Array(new stFJWebFlag(0),null);;
var stFJWebFlagsinfo = stFJWebFlags[0];
var manageFlag = 0;
function stManageFlag(ManageFlag) {
manageFlag = ManageFlag;
}
var ManageMode = new Array(new stManageFlag(0),null);
var CfgMode ='SCCT';
var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var base64DecodeChars = new Array(-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1,
-1, -1, -1, -1);
function base64encode(str) {
var out, i, len;
var c1, c2, c3;
len = str.length;
i = 0;
out = "";
while (i < len) {
c1 = str.charCodeAt(i++) & 0xff;
if (i == len) {
out += base64EncodeChars.charAt(c1 >> 2);
out += base64EncodeChars.charAt((c1 & 0x3) << 4);
out += "==";
break;
}
c2 = str.charCodeAt(i++);
if (i == len) {
out += base64EncodeChars.charAt(c1 >> 2);
out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
out += base64EncodeChars.charAt((c2 & 0xF) << 2);
out += "=";
break;
}
c3 = str.charCodeAt(i++);
out += base64EncodeChars.charAt(c1 >> 2);
out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
out += base64EncodeChars.charAt(c3 & 0x3F);
}
return out;
}
function isValidAscii(val)
{
for ( var i = 0 ; i < val.length ; i++ )
{
var ch = val.charAt(i);
if ( ch < ' ' || ch > '~' )
{
return false;
}
}
return true;
}
function base64decode(str) {
var c1, c2, c3, c4;
var i, len, out;
len = str.length;
i = 0;
out = "";
while (i < len) {
/* c1 */
do {
c1 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
} while (i < len && c1 == -1);
if (c1 == -1)
break;
/* c2 */
do {
c2 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
} while (i < len && c2 == -1);
if (c2 == -1)
break;
out += String.fromCharCode((c1 << 2) | ((c2 & 0x30) >> 4));
/* c3 */
do {
c3 = str.charCodeAt(i++) & 0xff;
if (c3 == 61)
return out;
c3 = base64DecodeChars[c3];
} while (i < len && c3 == -1);
if (c3 == -1)
break;
out += String.fromCharCode(((c2 & 0XF) << 4) | ((c3 & 0x3C) >> 2));
/* c4 */
do {
c4 = str.charCodeAt(i++) & 0xff;
if (c4 == 61)
return out;
c4 = base64DecodeChars[c4];
} while (i < len && c4 == -1);
if (c4 == -1)
break;
out += String.fromCharCode(((c3 & 0x03) << 6) | c4);
}
return out;
}
function SubmitForm() {
var Username = document.getElementById('txt_Username');
var Password = document.getElementById('txt_Password');
var appName = navigator.appName;
var version = navigator.appVersion;
if (appName == "Microsoft Internet Explorer")
{
var versionNumber = version.split(" ")[3];
if (parseInt(versionNumber.split(";")[0]) < 6)
{
alert("不支持IE6.0以下版本。");
return;
}
}
if (Username.value == "") {
alert("用户名不能为空。");
Username.focus();
return false;
}
if (!isValidAscii(Username.value))
{
alert("用户名包含非法字符.");
Username.focus();
return false;
}
if (Password.value == "") {
alert("密码不能为空。");
Password.focus();
return false;
}
if (!isValidAscii(Password.value))
{
alert("密码包含非法字符。");
Password.focus();
return false;
}
var cnt = GetRandCnt();
var cookie2 = "Cookie=" + "tid=" + MD5("" + cnt) + MD5(Username.value + cnt ) + MD5(MD5(Password.value) + cnt) + ":" + "Language:" + Language + ":SubmitType=Login" + ":" +"id=-1;path=/";
document.cookie = cookie2;
Username.disabled = true;
Password.disabled = true;
location.replace('/login.cgi');
return true;
}
function SubmitRouteSet() {
var Username = document.getElementById('txt_Username');
var Password = document.getElementById('txt_Password');
var appName = navigator.appName;
var version = navigator.appVersion;
if (appName == "Microsoft Internet Explorer")
{
var versionNumber = version.split(" ")[3];
if (parseInt(versionNumber.split(";")[0]) < 6)
{
alert("不支持IE6.0以下版本。");
return;
}
}
if (Username.value == "") {
alert("用户名不能为空。");
Username.focus();
return false;
}
if (!isValidAscii(Username.value))
{
alert("用户名包含非法字符.");
Username.focus();
return false;
}
if (Password.value == "") {
alert("密码不能为空。");
Password.focus();
return false;
}
if (!isValidAscii(Password.value))
{
alert("密码包含非法字符。");
Password.focus();
return false;
}
var cnt = GetRandCnt();
var cookie2 = "Cookie=" + "tid=" + MD5("" + cnt) + MD5(Username.value + cnt ) + MD5(MD5(Password.value) + cnt) + ":" + "Language:" + Language + ":SubmitType=SetRoute"+":" +"id=-1;path=/";
document.cookie = cookie2;
Username.disabled = true;
Password.disabled = true;
location.replace('/login.cgi');
return true;
}
function LoadFrame() {
document.getElementById('txt_Username').focus();
if ((LoginTimes != null) && (LoginTimes != '') && (LoginTimes > 0)) {
// setDisplay('loginfail', 1);
document.getElementById('loginfail').style.display = '';
}
if (manageFlag == 1)
{
document.getElementById('regdevice').style.display = 'none';
}
if (('HAINCT' != CfgMode.toUpperCase()) && ('HAINGCT' != CfgMode.toUpperCase()))
{
document.getElementById('routeSet').style.display = 'none';
}
init();
}
function init() {
if (document.addEventListener) {
document.addEventListener("keypress", onHandleKeyDown, false);
} else {
document.onkeypress = onHandleKeyDown;
}
}
function onHandleKeyDown(event) {
var e = event || window.event;
var code = e.charCode || e.keyCode;
if (code == 13) {
SubmitForm();
}
}
function onChangeLanguage(language) {
Language = language;
if (language == "chinese") {
document.getElementById('Chinese').style.color = 'red';
document.getElementById('English').style.color = 'black';
} else {
document.getElementById('Chinese').style.color = 'black';
document.getElementById('English').style.color = 'red';
}
}
function canceltext()
{
document.getElementById('txt_Username').value = "";
document.getElementById('txt_Password').value = "";
}
function JumpToReg()
{
if((1 == stFJWebFlagsinfo.FJWebFlag) && (parseInt(Infos.RegIsSuccedFlag) == 1))
{
window.location="loidgregsuccess.asp";
}
else
{
window.location="loidreg.asp";
}
}
</script>
</head>
<body>
<div id="div_visite">
<table align="center" cellpadding="0" cellspacing="0" bordercolor="#E7E7E7" bgcolor="#E7E7E7" border="0" style="position:relative;">
<tr>
<td height="10" colspan="3" align="center" bgcolor="#FFFFFF"><label>
<script language="javascript">
if ( 'CMCC' == CfgMode.toUpperCase())
{
document.write('<img src="images/logo_cmcc.jpg" width="337" height="117" />');
}
else
{
document.write('<img src="images/logo.jpg" width="337" height="117" />');
}
</script>
</label></td>
</tr>
<tr>
<td width="35%" height="50" align="right" >帐号:</td>
<td width="5%"> </td>
<td><label>
<input name="txt_Username" type="text" id="txt_Username" style="width:140px; font-family:Arial" maxlength="31"/>
</label></td>
</tr>
<tr>
<td height="30" align="right">密码:</td>
<td> </td>
<td><input name="txt_Password" type="password" id="txt_Password" style="width:140px; font-family:Arial" maxlength="127"/></td>
</tr>
<tr>
<td></td>
<td> </td>
<td style="color:#FF0000">
<div id="loginfail" style="display:none;">
<script language="javascript">
if (LoginTimes > 0 && LoginTimes < 3)
{
var str = '您已经' + LoginTimes + '次用户名或密码输入错误!';
document.write(str);
}
if (LoginTimes >= 3)
{
document.write('您已经连续三次登录失败,请1分钟后再登录!');
}
</script>
</div>
</td>
</tr>
<tr>
<td>
<div align="right">
<input type="button" id="routeSet" name="routeSet" value="路由设置"/>
</div>
</td>
<td></td>
<td>
<input type="button" id="btnSubmit" name="btnSubmit" value="确定" onclick="SubmitForm();"/>
<input type="reset" name="Submit2" value="取消"/>
<input type="button" name="regdevice" id="regdevice" value="设备注册" onclick="JumpToReg();"/>
</td>
</tr>
</table>
</div>
<script language="JavaScript" type="text/javascript">
</script>
</body>
</html>
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|
粤公网安备44152102000001号 
发表于 2014-5-11 22:25:21