Home Backend Development PHP Tutorial Discuz! Cross-site encyclopedia_PHP tutorial

Discuz! Cross-site encyclopedia_PHP tutorial

Jul 13, 2016 pm 05:12 PM
discuz exist Encyclopedia of filter

In discuz! The subjects in posts, replies, PMs, etc. are not filtered, so you can also add codes.
For example
http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%22
The effect is to pop up your own cookie first
Usage method: put the above The code is placed in img.
Applicable version: discuz! 2.x
discuz! 3.x
A way to exploit discuz! 2.0 vulnerability attempts to deceive and obtain cookies
There is a security vulnerability in testing the PM function of the XXXFan forum. The specific description is as follows:
XXXFan sends a quiet link to a member as follows (assuming that the member’s name is XXXFan)
http://XXX/pm.php?action=send&username=XXXFan
Because the forum program does not filter member names, but displays them directly in the send column (TO:), so you can add after the name Upload the script code. For example
http://XXX/pm.php?action=send&username=XXXFan ";><script>alert(document..cookie)</script><b%20"
Above After clicking the link, the first thing that pops up is your own cookie content.
Of course we can first construct a program on our own site to collect cookies, similar to
getcookie.php?cookie=
But how to induce members to click? If it is simply placed on the forum, Too easy to identify. Therefore, you can use another function of the discuz forum program, the "post to friends" function.
Because this function of discuz does not perform any filtering, identification or template on the filled in emial address, you can fake anyone to send letters to others, and the security is very high. Using this function, we can forge the administrator of ExploitFan to send a letter to a member to induce the member to click on the URL we prepared. If you induce the member, it depends on your own method. For example, you can say "The forum is testing new features, please Please help click on the above address, and we will record your click in the background and add points to you as a reward at the appropriate time, etc.
Because the link address is XXXFan’s, and the sender and email address are both XXXFan’s official addresses, the credibility is very high and no clues will be left. Of course, for higher security, the content in <script> can be encrypted to further increase concealment.
As for how to get cookies, you can try cookie spoofing or brute force cracking of MD5 passwords
This method is suitable for most forums that use discuz2.0. As for how to use discuz3.0, please participate in the discuz I published before. ! Whisper vulnerability
【BUG】Discuz! Voting BUG
You can vote using
misc.php?action=votepoll&fid=2&tid=16980&pollanswers[]=n
(n is an option, starting from 0)
Vote directly through URL
But what if n>the largest option, hehe~
The submission is still successful, but an option with an empty title is added

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629317.htmlTechArticlein discuz! The subjects in posts, replies, PMs, etc. are not filtered, so you can also add codes. For example, http://xxx/post.php?action=newthreadfid=2...cript%3E%3Cb%22 The effect is the first...
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot Article

Hot Article

Hot Article Tags

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Discuz background login problem solution revealed Discuz background login problem solution revealed Mar 03, 2024 am 08:57 AM

Discuz background login problem solution revealed

What is Discuz? Definition and function introduction of Discuz What is Discuz? Definition and function introduction of Discuz Mar 03, 2024 am 10:33 AM

What is Discuz? Definition and function introduction of Discuz

A must-have for Discuz users! Comprehensive analysis of renaming props! A must-have for Discuz users! Comprehensive analysis of renaming props! Mar 12, 2024 pm 10:15 PM

A must-have for Discuz users! Comprehensive analysis of renaming props!

What should I do if I encounter an incorrect Discuz password? Quick solution sharing! What should I do if I encounter an incorrect Discuz password? Quick solution sharing! Mar 03, 2024 am 09:33 AM

What should I do if I encounter an incorrect Discuz password? Quick solution sharing!

Discuz domain name modification operation guide Discuz domain name modification operation guide Mar 09, 2024 pm 04:36 PM

Discuz domain name modification operation guide

Detailed explanation of Discuz registration process: allowing you to easily modify personal information Detailed explanation of Discuz registration process: allowing you to easily modify personal information Mar 13, 2024 pm 12:21 PM

Detailed explanation of Discuz registration process: allowing you to easily modify personal information

Detailed explanation of steps to modify Discuz domain name Detailed explanation of steps to modify Discuz domain name Mar 11, 2024 am 11:00 AM

Detailed explanation of steps to modify Discuz domain name

Discuz background login failed? Teach you how to solve it easily! Discuz background login failed? Teach you how to solve it easily! Mar 02, 2024 pm 06:03 PM

Discuz background login failed? Teach you how to solve it easily!

See all articles