Discuz! Cross-site encyclopedia_PHP tutorial

In discuz! The subjects in posts, replies, PMs, etc. are not filtered, so you can also add codes.
For example
http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%22
The effect is to pop up your own cookie first
Usage method: put the above The code is placed in img.
Applicable version: discuz! 2.x
discuz! 3.x
A way to exploit discuz! 2.0 vulnerability attempts to deceive and obtain cookies
There is a security vulnerability in testing the PM function of the XXXFan forum. The specific description is as follows:
XXXFan sends a quiet link to a member as follows (assuming that the member’s name is XXXFan)
http://XXX/pm.php?action=send&username=XXXFan
Because the forum program does not filter member names, but displays them directly in the send column (TO:), so you can add after the name Upload the script code. For example
http://XXX/pm.php?action=send&username=XXXFan ";><script>alert(document..cookie)</script>Above After clicking the link, the first thing that pops up is your own cookie content.
Of course we can first construct a program on our own site to collect cookies, similar to
getcookie.php?cookie=
But how to induce members to click? If it is simply placed on the forum, Too easy to identify. Therefore, you can use another function of the discuz forum program, the "post to friends" function.
Because this function of discuz does not perform any filtering, identification or template on the filled in emial address, you can fake anyone to send letters to others, and the security is very high. Using this function, we can forge the administrator of ExploitFan to send a letter to a member to induce the member to click on the URL we prepared. If you induce the member, it depends on your own method. For example, you can say "The forum is testing new features, please Please help click on the above address, and we will record your click in the background and add points to you as a reward at the appropriate time, etc.
Because the link address is XXXFan’s, and the sender and email address are both XXXFan’s official addresses, the credibility is very high and no clues will be left. Of course, for higher security, the content in

Latest Articles by Author

• How LLMs Work: Pre-Training to Post-Training, Neural Networks, Hallucinations, and Inference
  2025-02-26 03:58:14
• I Combined the Blockchain and AI to Generate Art. Here’s What Happened Next.
  2025-02-26 03:38:10
• Advanced Prompt Engineering: Chain of Thought (CoT)
  2025-02-26 03:17:10
• Retrieval Augmented Generation in SQLite
  2025-02-26 02:49:09
• How to Use an LLM-Powered Boilerplate for Building Your Own Node.js API
  2025-02-26 01:08:13
• LLMs for Coding in 2024: Price, Performance, and the Battle for the Best
  2025-02-26 00:46:10
• Prompting Vision Language Models
  2025-02-25 23:42:08
• How to Measure the Reliability of a Large Language Model's Response
  2025-02-25 22:50:13
• An Illusion of Life
  2025-02-25 21:54:11
• Scientists Go Serious About Large Language Models Mirroring Human Thinking
  2025-02-25 20:45:11

Latest Issues

• Explain how to implement caching in PHP.
  2025-03-21 13:39:34
• How do you use the DateTime class in PHP?
  2025-03-21 13:38:34
• Explain the purpose of namespaces in PHP.
  2025-03-21 13:37:19
• What is the difference between clone and __clone() in PHP?
  2025-03-21 13:35:24
• How do you use the spl_autoload_register() function?
  2025-03-21 13:34:32

Related Topics

More>

• How to solve discuz database error
• Bitcoin trading website
• What software is ae
• Official download and installation of Euro-Italian Exchange app
• How to use question mark expression in C language
• What are the methods to prevent sql injection?
• Introduction to the usage of rowid in oracle
• How to cancel automatic renewal on Baidu Netdisk
• SQL 5120 error solution