HTML,CSS,JavaScript實(shí)現(xiàn)-井字棋游戲

里只提供實(shí)現(xiàn)井字棋游戲的核心HTML和CSS代碼。具體的JavaScript邏輯（如處理玩家移動(dòng)、判斷勝負(fù)等）需要根據(jù)實(shí)際情況編寫。

<!DOCTYPE html>

<head>

<title>井字棋游戲</title>

<style>

.board {

display: grid;

grid-template-columns: repeat(3, 1fr);

grid-gap: 5px;

width: 200px;

height: 200px;

margin: auto;

border: 2px solid black;

}

.square {

border: 1px solid #000;

width: 100px;

height: 100px;

text-align: center;

line-height: 100px;

}

</style>

</head>

<body>

</div>

// 這里添加JavaScript代碼來實(shí)現(xiàn)游戲邏輯

</script>

</body>

</html>

這段代碼提供了一個(gè)3x3的井字棋盤，并使用CSS grid布局來創(chuàng)建這個(gè)棋盤。接下來，需要添加JavaScript代碼來處理玩家的移動(dòng)，以及判斷輸贏。這些邏輯會(huì)涉及事件監(jiān)聽、條件判斷以及DOM操作。

tml：

<!DOCTYPE html>

<html>

<head>

<style>

/* 游戲棋盤格 */

body{font-family:Arial;text-align:center;}

.game{margin:0 auto;/*margin-top:40px;*/text-align:center;display:inline-block;}

.game-score{font-size:20px;margin:20px auto;}

.game-container{background-color:#bbada0;border-radius:10px;position:relative;}

.game-cell{border-radius:6px;background-color:#ccc0b3;position:absolute;}

.game-num{width:0px;height:0px;border-radius:6px;font-weight:bold;font-size:40px;color:#fff;text-align:center;position:absolute;}

.game-num-2{background:#eee4da;color:#776e65;}

.game-num-4{background:#ede0c8;color:#776e65;}

.game-num-8{background:#f2b179;}

.game-num-16{background:#f59563;}

.game-num-32{background:#f67c5f;}

.game-num-64{background:#f65e3b;}

.game-num-128{background:#edcf72;font-size:35px;}

.game-num-256{background:#edcc61;font-size:35px;}

.game-num-512{background:#9c0;font-size:35px;}

.game-num-1024{background:#33b5e5;font-size:30px;}

.game-num-2048{background:#09c;font-size:30px;}

/*游戲結(jié)束*/

.game-over{width:100%;height:100%;position:absolute;border-radius:10px;box-sizing:border-box;z-index:1;display:table;background:rgba(123,102,85,0.5)}

.game-over-info{display:table-cell;vertical-align:middle}

.game-over p{font-size:45px;color:#fff;margin:20px auto;}

.game-over span{cursor:pointer;background-color:rgba(103,82,65,0.6);display:block;margin:20px auto;width:180px;padding:10px 10px;font-size:25px;color:#f7f2e5;border-radius:10px;border:1px solid #978271;transition:all .2s}

.game-over span:hover{background-color:rgba(103,82,65,0.7);color:#fff}

.game-hide{display:none;}

</style>

</head>

<body>

</div>

Game2048({prefix: 'game', len: 4, size: 100, margin: 20});

</script>

</body>

</html>

Game2048js文件：

(function(window, document, $) {

function Game2048(opt) {

var prefix = opt.prefix, len = opt.len, size = opt.size, margin = opt.margin;

var score = 0;

var winNum = 2048;

var isGameOver = true;

var board = new Board(len);

var view = new View(prefix, len, size, margin);

view.init();

board.onGenerate = function(e) {

view.addNum(e.x, e.y, e.num);

};

board.onMove = function(e) {

if (e.to.num >= winNum) {

isGameOver = true;

setTimeout(function() { view.win(); }, 300);

}

if (e.to.num > e.from.num) {

score += e.to.num;

view.updateScore(score);

}

view.move(e.from, e.to);

};

board.onMoveComplete = function(e) {

if (!board.canMove()) {

isGameOver = true;

setTimeout(function() { view.over(score); }, 300);

}

if (e.moved) {

setTimeout(function(){ board.generate(); }, 200);

}

};

$(document).keydown(function(e) {

if (isGameOver) {

return false;

}

switch (e.which) {

case 37: board.moveLeft(); break;

case 38: board.moveUp(); break;

case 39: board.moveRight(); break;

case 40: board.moveDown(); break;

}

});

function start() {

score = 0;

view.updateScore(0);

view.cleanNum();

board.init();

board.generate();

isGameOver = false;

}

$('#' + prefix + '_restart').click(start);

start();

};

// 數(shù)據(jù)處理

function Board(len) {

this.len = len;

this.arr = [];

}

Board.prototype = {

// 事件

onGenerate: function() {},

onMove: function() {},

onMoveComplete: function() {},

// 創(chuàng)建數(shù)組

init: function() {

for (var arr = [], x = 0, len = this.len; x < len; ++x) {

arr[x] = [];

for (var y = 0; y < len; ++y) {

arr[x][y] = 0;

}

this.arr = arr;

// 在隨機(jī)位置增加一個(gè)隨機(jī)數(shù)

generate: function() {

var empty = [];

for (var x = 0, arr = this.arr, len = arr.length; x < len; ++x) {

for (var y = 0; y < len; ++y) {

if (arr[x][y] === 0) {

empty.push({x: x, y: y});

}

if (empty.length < 1) {

return false;

}

var pos = empty[Math.floor((Math.random() * empty.length))];

this.arr[pos.x][pos.y] = Math.random() < 0.5 ? 2 : 4;

this.onGenerate({x: pos.x, y: pos.y, num: this.arr[pos.x][pos.y]});

// 左移

moveLeft: function() {

var canMove = false;

// 從上到下，從左到右

for (var x = 0, len = this.arr.length; x < len; ++x) {

for (var y = 0, arr = this.arr[x]; y < len; ++y) {

// 從 y + 1 位置開始，向右查找

for (var next = y + 1; next < len; ++next) {

// 如果 next 單元格是 0，找下一個(gè)不是嗎 0 的單元格

if (arr[next] === 0) {

continue;

}

// 如果 y 數(shù)字是 0，則將 next 移動(dòng)到 y 位置，然后將 y 減 1 重新查找

if (arr[y] === 0) {

arr[y] = arr[next];

this.onMove({from: {x: x, y: next, num: arr[next]}, to: {x: x, y: y, num: arr[y]}});

arr[next] = 0;

canMove = true;

--y;

// 如果 y 與 next 單元格數(shù)字相等，則將 next 移動(dòng)并合并給 y

} else if (arr[y] === arr[next]) {

arr[y] += arr[next];

this.onMove({from: {x: x, y: next, num: arr[next]}, to: {x: x, y: y, num: arr[y]}});

arr[next] = 0;

canMove = true;

}

break;

}

this.onMoveComplete({moved: canMove});

moveRight: function() {

var moved = false;

for (var x = 0, len = this.arr.length; x < len; ++x) {

for (var y = len - 1, arr = this.arr[x]; y >= 0; --y) {

for (var prev = y - 1; prev >= 0; --prev) {

if (arr[prev] === 0) {

continue;

}

if (arr[y] === 0) {

arr[y] = arr[prev];

this.onMove({from: {x: x, y: prev, num: arr[prev]}, to: {x: x, y: y, num: arr[y]}});

arr[prev] = 0;

moved = true;

++y;

} else if (arr[y] === arr[prev]) {

arr[y] += arr[prev];

this.onMove({from: {x: x, y: prev, num: arr[prev]}, to: {x: x, y: y, num: arr[y]}});

arr[prev] = 0;

moved = true;

}

break;

}

this.onMoveComplete({moved: moved});

moveUp: function() {

var canMove = false;

for (var arr = this.arr, len = arr.length, y = 0; y < len; ++y) {

for (var x = 0; x < len; ++x) {

for (var next = x + 1; next < len; ++next) {

if (arr[next][y] === 0) {

continue;

}

if (arr[x][y] === 0) {

arr[x][y] = arr[next][y];

this.onMove({from: {x: next, y: y, num: arr[next][y]}, to: {x: x, y: y, num: arr[x][y]}});

arr[next][y] = 0;

canMove = true;

--x;

} else if (arr[x][y] === arr[next][y]) {

arr[x][y] += arr[next][y];

this.onMove({from: {x: next, y: y, num: arr[next][y]}, to: {x: x, y: y, num: arr[x][y]}});

arr[next][y] = 0;

canMove = true;

}

break;

}

this.onMoveComplete({moved: canMove});

moveDown: function() {

var canMove = false;

for (var arr = this.arr, len = arr.length, y = 0; y < len; ++y) {

for (var x = len - 1; x >= 0; --x) {

for (var prev = x - 1; prev >= 0; --prev) {

if (arr[prev][y] === 0) {

continue;

}

if (arr[x][y] === 0) {

arr[x][y] = arr[prev][y];

this.onMove({from: {x: prev, y: y, num: arr[prev][y]}, to: {x: x, y: y, num: arr[x][y]}});

arr[prev][y] = 0;

canMove = true;

++x;

} else if (arr[x][y] === arr[prev][y]) {

arr[x][y] += arr[prev][y];

this.onMove({from: {x: prev, y: y, num: arr[prev][y]}, to: {x: x, y: y, num: arr[x][y]}});

arr[prev][y] = 0;

canMove = true;

}

break;

}

this.onMoveComplete({moved: canMove});

canMove: function() {

for (var x = 0, arr = this.arr, len = arr.length; x < len; ++x) {

for (var y = 0; y < len; ++y) {

if (arr[x][y] === 0) {

return true;

}

var curr = arr[x][y], right = arr[x][y + 1];

var down = arr[x + 1] ? arr[x + 1][y] : null;

if (right === curr || down === curr) {

return true;

}

return false;

}

};

// 視圖處理

function View(prefix, len, size, margin) {

this.prefix = prefix;

this.len = len; // 單元格單邊的數(shù)量（實(shí)際數(shù)量 len * len）

this.size = size; // 每個(gè)單元格的邊長

this.margin = margin; // 每個(gè)單元格的間距

this.score = $('#' + prefix + '_score');

this.container = $('#' + prefix + '_container');

var containerSize = len * size + margin * (len + 1);

this.container.css({width:containerSize , height: containerSize});

this.nums = {};

}

View.prototype = {

// 計(jì)算位置

getPos: function(n) {

return this.margin + n * (this.size + this.margin);

init: function() {

for (var x = 0, len = this.len; x < len; ++x) {

for (var y = 0; y < len; ++y) {

var $cell = $('<div class="' + this.prefix + '-cell"></div>');

$cell.css({

width: this.size + 'px', height: this.size + 'px',

top: this.getPos(x), left: this.getPos(y)

}).appendTo(this.container);

}

addNum: function(x, y, num) {

var $num = $('<div class="' + this.prefix + '-num ' + this.prefix + '-num-' + num + ' ">');

$num.text(num).css({

top: this.getPos(x) + parseInt(this.size / 2),

left: this.getPos(y) + parseInt(this.size / 2)

}).appendTo(this.container).animate({

width: this.size + 'px',

height: this.size + 'px',

lineHeight: this.size + 'px',

top: this.getPos(x),

left: this.getPos(y)

}, 100);

this.nums[x + '-' + y] = $num;

move: function(from, to) {

var fromIndex = from.x + '-' + from.y, toIndex = to.x + '-' + to.y;

var clean = this.nums[toIndex];

this.nums[toIndex] = this.nums[fromIndex];

delete this.nums[fromIndex];

var prefix = this.prefix + '-num-';

var pos = {top: this.getPos(to.x), left: this.getPos(to.y)};

this.nums[toIndex].finish().animate(pos, 200, function() {

if (to.num > from.num) {

clean.remove();

$(this).text(to.num).removeClass(prefix + from.num).addClass(prefix + to.num);

}

});

updateScore: function(score) {

this.score.text(score);

win: function() {

$('#' + this.prefix + '_over_info').html('<p>您獲勝了</p>');

$('#' + this.prefix + '_over').removeClass(this.prefix + '-hide');

over: function(score) {

$('#' + this.prefix + '_over_info').html('<p>本次得分</p><p>' + score + '</p>');

$('#' + this.prefix + '_over').removeClass(this.prefix + '-hide');

cleanNum: function() {

this.nums = {};

$('#' + this.prefix + '_over').addClass(this.prefix + '-hide');

$('.' + this.prefix + '-num').remove();

}

};

window['Game2048'] = Game2048;

})(window, document, jQuery);

然后就是還要自己下載一個(gè)jQuery文件；

迎搜索公眾號(hào)：白帽子左一

每天分享更多黑客技能，工具及體系化視頻教程（免費(fèi)領(lǐng)）

來源：HACK學(xué)習(xí)呀

一直找不到目標(biāo)站點(diǎn),昨天下午收到的一條微信之后突然有了目標(biāo)

還是老規(guī)則下載了APP 這里提示下注意事項(xiàng)

因?yàn)檫@種APP是自動(dòng)采用微信賬號(hào)登錄且蘋果手機(jī)登錄前需要申請(qǐng)數(shù)據(jù)網(wǎng)絡(luò)權(quán)限

所以在進(jìn)行抓包前，需要先點(diǎn)開APP給予數(shù)據(jù)網(wǎng)絡(luò)權(quán)限并提前登錄微信賬號(hào)(設(shè)置代理之后無法登錄微信

進(jìn)入APP后、首先對(duì)APP內(nèi)部通過http請(qǐng)求獲取或得到數(shù)據(jù)的接口進(jìn)行了測(cè)試，也測(cè)試得到APP走h(yuǎn)ttp請(qǐng)求的IP為，阿里云服務(wù)器IP地址

注意事項(xiàng) 碰到阿里云服務(wù)器(不要進(jìn)行端口掃描,不要進(jìn)行網(wǎng)頁路徑探測(cè))

因?yàn)檫@兩點(diǎn)都會(huì)讓阿里云封你的IP 首先對(duì)反饋接口進(jìn)行了抓包丟入了XSS

丟入xss 之后考慮到這個(gè)APP并沒有什么可以入手的點(diǎn)

(本人比較菜,沒辦法在這上面找到突破口)

于是注意到這個(gè)APP有掛載的官網(wǎng),果斷從官網(wǎng)開始入手

首先找到了部分代理登錄的后臺(tái),進(jìn)入了登錄界面,因?yàn)橛袃蓚€(gè)登錄界面一個(gè)是http 并且無驗(yàn)證碼

一個(gè)是https 有驗(yàn)證碼首先從http無驗(yàn)證碼口開始爆破密碼

https://jingyan.baidu.com/article/200957619c8739cb0721b4ff.html
Burp爆破網(wǎng)站后臺(tái)賬號(hào)密碼步驟

成功的登錄了后臺(tái),發(fā)現(xiàn)后臺(tái)并沒有什么其他功能只是能查看個(gè)人的代理及充值返利情況

在未找到直接能getshell的點(diǎn), 首先對(duì)網(wǎng)站后臺(tái)進(jìn)行了抓包, 查看后臺(tái)中部分搜索功能是否存在SQL注入,其次查看后臺(tái)是否存在邏輯漏

可以確定的點(diǎn)如下(網(wǎng)站后臺(tái)未存在有SQL注入,數(shù)據(jù)庫不進(jìn)行報(bào)錯(cuò),對(duì)網(wǎng)站進(jìn)行掃描并未封IP
IP地址為武漢,極有可能是源IP地址,接著繼續(xù)尋找網(wǎng)站的邏輯漏洞

當(dāng)咱們對(duì)myuser.php 進(jìn)行訪問時(shí) 服務(wù)器緩存的cookie 信息為以上圖片內(nèi)
aliyungf_tc 為無效數(shù)據(jù) 可無視不計(jì)算
user_name 為賬號(hào)信息 user_id為服務(wù)器uid值 user_level為用戶等級(jí)
嘗試修改賬號(hào)信息為123456789 數(shù)據(jù)并未發(fā)生改變
嘗試修改uid值數(shù)據(jù)發(fā)生改變
嘗試修改用戶等級(jí) 未發(fā)生改變
于是得到uid 值為判斷用戶的標(biāo)準(zhǔn)

接下來就找我親愛的丁哥寫了套爬蟲 (用戶uid值為循環(huán)上升,爬取頁面內(nèi)容得到網(wǎng)站總用戶量為1萬五千人)

之前咱們提到還有一個(gè)https的后臺(tái)
有驗(yàn)證碼機(jī)制

有驗(yàn)證碼機(jī)制進(jìn)行爆破成功率可能并不是很高嘗試進(jìn)行找回密碼功能

修改uid值為空試試

點(diǎn)擊確認(rèn)提交直接來到了修改密碼的頁面
https://qy.xxxxxxx.com/user_goback_password.php?uid=
再進(jìn)行uid補(bǔ)全為test用戶uid=11000 輸入更改的新密碼更改成功

成功進(jìn)入后臺(tái) 截止到目前為止

(拿到了網(wǎng)站全部用戶的個(gè)人信息,拿到了充值游戲幣的權(quán)限）

順便解釋下為什么能更改成功test用戶的密碼

當(dāng)user_goback_quan.php?uid=11000 修改為uid=空時(shí)

數(shù)據(jù)庫查詢不到用戶那么對(duì)應(yīng)的答案也是查詢不到為空的

更改密碼在數(shù)據(jù)庫判斷中問題=答案(正確) ----- 更改成功

當(dāng)問題不存在答案不存在的情況下問題=答案跳轉(zhuǎn)到更改密碼界面 — 更改uid值為test用戶uid ===== 成功更改test用戶密碼