Login to Joomla from a C# application


Problem description


I use many methods to log in to the Joomla admin panel, but the returned value is the same as the login page, even when the username and password are correct.

example:

// Needs: using System.Net; using System.Text;
WebClient Client = new WebClient();
System.Collections.Specialized.NameValueCollection Collection = 
    new System.Collections.Specialized.NameValueCollection();
Collection.Add("username", "--my username--");
Collection.Add("passwd", "--my password--");
Collection.Add("option", "com_login");
// Hard-coded form token field
Collection.Add("e0484cdc56d8ccc42187d26a813324ba", "1");
Collection.Add("lang", "");

Client.Proxy = null;
byte[] res = Client.UploadValues(
    "http://127.0.0.1/administrator/index.php", "POST", Collection);
textBox1.Text = Encoding.UTF8.GetString(res, 0, res.Length);

Solution

The problem is with this line:

Collection.Add("e0484cdc56d8ccc42187d26a813324ba", "1");

which is Joomla's CSRF anti-spoofing token. Joomla! attempts to protect against CSRF by inserting this token into each POST form and each GET query string that is able to modify something in the Joomla! system. This random string provides protection because not only does the compromised site need to know the URL of the target site and a valid request format for the target site, it also must know the random string which changes for each session and each user.

In order to send a correct token with your login request you'd have to:

  1. Firstly request a correct log-in form by GET using the "Client object" request
  2. Retrieve the token with regex /name="([a-zA-Z0-9]{32})"/
  3. Send the log-in request with the token

Good Luck

EDIT: To your "collection" add one more param:

Collection.Add("task", "login");
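
The three steps above in C#, as an added example that is not part of the original answer. It assumes the session cookie has to be carried from the GET to the POST, since the token changes for each session; `SessionWebClient` and `JoomlaLogin` are hypothetical names.

```csharp
using System;
using System.Collections.Specialized;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;

// WebClient keeps no cookies by default; this subclass shares one cookie
// jar across requests so the GET and the POST belong to the same session.
class SessionWebClient : WebClient
{
    private readonly CookieContainer cookies = new CookieContainer();
    protected override WebRequest GetWebRequest(Uri address)
    {
        WebRequest request = base.GetWebRequest(address);
        if (request is HttpWebRequest http) http.CookieContainer = cookies;
        return request;
    }
}

static class JoomlaLogin   // hypothetical helper name
{
    // The answer's pattern: a form field whose name is 32 alphanumerics.
    static readonly Regex TokenField = new Regex("name=\"([a-zA-Z0-9]{32})\"");

    public static string ExtractToken(string loginFormHtml)
    {
        Match m = TokenField.Match(loginFormHtml);
        if (!m.Success) throw new InvalidOperationException("No token field in the login form.");
        return m.Groups[1].Value;
    }
    public static string Login(string adminUrl, string user, string password)
    {
        using (var client = new SessionWebClient())
        {
            client.Proxy = null;
            // Steps 1 and 2: GET the form in this session, read its token.
            string token = ExtractToken(client.DownloadString(adminUrl));
            // Step 3: POST the credentials together with the fresh token.
            var form = new NameValueCollection
            {
                { "username", user }, { "passwd", password },
                { "option", "com_login" }, { "task", "login" },
                { token, "1" }, { "lang", "" },
            };
            byte[] res = client.UploadValues(adminUrl, "POST", form);
            return Encoding.UTF8.GetString(res);
        }
    }
}
```

Call it as `JoomlaLogin.Login("http://127.0.0.1/administrator/index.php", user, password)`; the token is read fresh on every call, so nothing from a previous session is reused.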
