Using iframe techniques to obtain visitor QQ implementation ideas and sample code

Today at work, a friend I added temporarily asked me how to use a web page to obtain the visitor's QQ.

I had never come across this before and felt very curious, but my brain was very excited and quick at work, and I used the knowledge I had learned to quickly think of a trick, which was to assume that the user had already entered the space or mailbox through QQ before entering the page we set. Yes, there will definitely be cookies left on our computer's browser, so how can we try to do something with this cookie? So I searched on Google and found a closer answer in less than a few seconds, but the original poster who asked the question got nearly 90% of the answer wrong, and died on 10%, so I will make up for this 10%.

http://kf.qq.com/cgi-bin/loginTitle?rand, yes, it is this link. If you click this link, you will jump to a page, which returns the XML format, as shown below

Copy code

The code is as follows:

<root>
<er>0</er>
<login>1</login>
<nick>Nickname</nick>
<uin>QQ number</uin>
</root>

Oh my god, this is such a cool thing, it’s solved in an instant. The original poster found this link but didn't figure it out. He was thinking of using ajax or something, but he didn't know how awesome our big iframe is. By putting an iframe with 0 width and height on the page, as long as the user has logged in to QQ-related websites before and left cookies on the browser, the QQ number and nickname can be obtained. Of course, if the user logs in to two QQ numbers at the same time, only one QQ number can be obtained, and the nickname is empty. If the user is not logged in, three zeros will be displayed. Let me tell you secretly, you can also use this iframe to do xss. What, I don’t do xss, I’m a good person, yeah, yes, that’s right.

Copy code

The code is as follows:

Just like that, I got the visitor’s QQ number, and I don’t have to do any more work. What? I don’t know what the next job is, marketing, entering your page shows that there is an intention, I won’t say more.

After reading this, if it is useful to you, you don’t have to thank me. If you really want to thank me, please call me Lei Feng.

<<: Practical notes on installing Jenkins with docker-compose

>>: MySQL slave library Seconds_Behind_Master delay summary

Using iframe techniques to obtain visitor QQ implementation ideas and sample code

How to open the port in Centos7

Pay attention to the use of HTML tags in web page creation

How to implement Mysql scheduled task backup data under Linux

In-depth analysis of nginx+php-fpm service HTTP status code 502

XHTML three document type declarations

How to let DOSBox automatically execute commands after startup

Simple summary of tomcat performance optimization methods

Detailed explanation of how MySQL determines whether an InnoDB table is an independent tablespace or a shared tablespace

Use CSS to create 3D photo wall effect

Detailed explanation of a method to rename procedure in MYSQL

Recommend

Detailed explanation of Bind mounts for Docker data storage

MySQL case when usage example analysis

Detailed graphic explanation of setting up routing and virtual machine networking in Linux

Install OpenSSL on Windows and use OpenSSL to generate public and private keys

Uninstalling MySQL database under Linux

An article to help you understand jQuery animation

General Guide to Linux/CentOS Server Security Configuration

Detailed tutorial on installing Spring boot applications on Linux systems

How to modify the contents of an existing Docker container

VMware ESXi installation and use record (with download)

Vue computed properties

A brief discussion on read-only and disabled attributes in forms

Steps to transfer files and folders between two Linux servers

HTML data submission post_PowerNode Java Academy

Detailed explanation of the basic usage of MySQL triggers [create, view, delete, etc.]