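That's right: while browsing the web, I came across someone whose site is built with Like Girl. The home page shows avatars for the male and female leads, and out of curiosity I looked at how those avatars are loaded, only to find that they are fetched through the qlogo API. Hence topic one: QQ number leakage.
Problem description:
The home page uses the following markup to fetch the avatars: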

<!-- Avatar content -->
<div class="bg-wrap">
    <div class="bg-img">
        <div class="central central-800">
            <div
                class="middle animated fadeInDown ">
                <div class="img-male">
                    <img src="https://q1.qlogo.cn/g?b=qq&nk=647159607&s=640" draggable="false">
                    <span>Ki</span>
                </div>
                <div class="love-icon">
                    <img src="Style/img/like.svg" draggable="false">
                </div>
                <div class="img-female">
                    <img src="https://q1.qlogo.cn/g?b=qq&nk=917640289&s=640" draggable="false">
                    <span>Li</span>
                </div>
            </div>
        </div>
        <svg class="waves" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
            viewBox="0 24 150 28" preserveAspectRatio="none" shape-rendering="auto">
            <defs>
                <path id="gentle-wave" d="M-160 44c30 0 58-18 88-18s 58 18 88 18 58-18 88-18 58 18 88 18 v44h-352z" />
            </defs>
            <g class="parallax">
                <use xlink:href="#gentle-wave" x="48" y="0" fill="rgba(255,255,255,0.7)" />
                <use xlink:href="#gentle-wave" x="48" y="3" fill="rgba(255,255,255,0.5)" />
                <use xlink:href="#gentle-wave" x="48" y="5" fill="rgba(255,255,255,0.3)" />
                <use xlink:href="#gentle-wave" x="48" y="7" fill="#fff" />
            </g>
        </svg>
    </div>
</div>

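Fetching the avatars this way leaks the QQ numbers, because each number appears in plaintext as the nk parameter of the image URL (you wouldn't want to be pestered either, and this matters especially for girls).
Likewise, the message board (leaving.php) also uses the API to fetch the QQ avatar and nickname, which leaks the QQ numbers of the people who leave messages.
Solution:
Do not fetch by QQ number in plaintext; have the server process it and return an encrypted avatar address.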
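
One way to implement this fix, as an added example rather than Like Girl's own code: the page embeds an opaque encrypted token, and a small PHP endpoint decrypts it and proxies the image from qlogo. The file name avatar.php, the t parameter and the AVATAR_KEY environment variable are assumptions, and PHP's sodium extension is required.

```php
<?php
// avatar.php: added example, not Like Girl's own code.
// Assumptions: AVATAR_KEY is a 64-hex-character (32-byte) secret in the server
// environment; the file name and the "t" query parameter are hypothetical.
declare(strict_types=1);

const B64 = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;
const NONCE_LEN = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;

// Encrypt a QQ number into an opaque, tamper-evident token for <img src>.
// Create it once when the profile or comment is saved and store it, so the
// avatar URL stays stable across page loads.
function avatar_token(string $qq, string $key): string
{
    $nonce = random_bytes(NONCE_LEN);
    return sodium_bin2base64($nonce . sodium_crypto_secretbox($qq, $nonce, $key), B64);
}

// Recover the QQ number; null for malformed, forged or non-numeric tokens.
function avatar_qq(string $token, string $key): ?string
{
    try {
        $raw = sodium_base642bin($token, B64);
        if (strlen($raw) < NONCE_LEN + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
            return null;
        }
        $qq = sodium_crypto_secretbox_open(substr($raw, NONCE_LEN), substr($raw, 0, NONCE_LEN), $key);
    } catch (SodiumException $e) {
        return null; // bad base64 or wrong key length
    }
    // Assumption: a QQ number is 5 to 11 digits with no leading zero.
    return ($qq !== false && preg_match('/^[1-9][0-9]{4,10}$/D', $qq) === 1) ? $qq : null;
}

// Request handler: resolve the token server-side and stream the image, so the
// qlogo URL (and the number in it) never reaches the visitor's browser.
if (PHP_SAPI !== 'cli') {
    $key = (string) @hex2bin((string) getenv('AVATAR_KEY'));
    $t   = $_GET['t'] ?? '';
    $qq  = is_string($t) ? avatar_qq($t, $key) : null;
    $img = $qq === null ? false
         : @file_get_contents("https://q1.qlogo.cn/g?b=qq&nk={$qq}&s=640");
    if ($img === false) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: image/jpeg'); // assumption: qlogo serves JPEG
    echo $img;
}
```

The templates would then emit avatar.php?t= followed by the stored token instead of the q1.qlogo.cn URL. An unkeyed MD5 or SHA of the number is not a substitute, because the QQ number space is small enough to enumerate; the token has to depend on a server-side secret.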

Last modification: July 19, 2025