Domestic forum invasion method |http://www.cshu.net




                               About us 
                               Commercial cooperation 
                               Copyright declaration 
                               Contacts with us 



            Returns to the home pageArticle browsingOther columnsLands the forum


            |   The absolute &#21019;   |   |   hacker file   |   |   is newest 
            dynamically   |   
                  |  Hacker file>>invasion analysis>> domestic forum invasion 
                  method  Printing

            Domestic forum invasion method
            Www.cshu.net  2002-8-18  fog rain village 

              The forum lands the name: Gbffgch
              Submitting mail address: Security
              Submitting QQ number: 104.768907 million
              Domestic forum invasion method 
              Domestic forum invasion method 
              How below said is obtains the forum the management jurisdiction, 
              is is speaking the pure knowledge, please &#25670; the point of view, 
              which domestic forum don't have to take to test. Even if has 
              attained the jurisdiction, also do not have deliberately to 
              destroy, we do not handle the matter which leaves a stink for ten 
              thousand years... ... 
              Has very many friends to ask how invades the forum, actually some 
              multi-purpose method, that is with traces the snow, if this you 
              all did not know is any, that suggested search you to the search 
              engine on. Opens traces the snow, hangs up the dictionary, adds 
              forum manager's user, was left over is had waited for, you were 
              allowed to go sleep, rest as soon as have awakened, had a look the 
              result not to have, if has not obtained the password, that proved 
              your dictionary insufficiently was formidable, trades. Natural, if 
              thought directly explains the forum to land the password quite 
              troublesome speech, you also may thought the alternative means, 
              many collect manager's some information much, for instance the 
              mailbox, individual main page, QQ number and so on, then obtains 
              the QQ password from other channels or is any any password, 
              perhaps is the password which the forum manages, because has very 
              many person of passwords to use, obtained to obtain all, ha-ha. As 
              for traces the snow the application, actually you download trace 
              snow Wen Jiali to be supposed to have the course, compared to 
              mostly place all entire, carefully studies, should be similar, 
              really could not make, which forum any to asking, solved. 
              How today isn't says applies traces the snow, I mainly am want to 
              say several forums the loopholes, obtain the forum using the 
              loophole the jurisdiction, explained simply wants many to be more 
              than. 
              Now the popular forum is Yuzi BBS 3,000, the thunder arrogant 
              forum, thatched house forum three, other are not clear. (Is my not 
              clear ^_^) 

              A thunder arrogant forum loophole 
              This loophole made up similarly, resembled is only has the 
              leoboard 5,000 editions only then to have this loophole. Because 
              does not have strictly to filter the user input, may submit a 
              special request directly to promote oneself as the system manager. 

              First registers the user "thiz", lands, revises the information, 
              in the password territory input "thiz thiz ad", submits, has 
              become the system manager. The solution is has filtered out "\t" 
              the special character. 

              The thatched house forum v2.6 free version and the registration 
              version save security loophole 
              Because does not have strictly to filter the user input, may 
              submit a special request directly to promote oneself as the system 
              manager. First registers the user "thiz", lands, revises the 
              information, in the sex territory input "thiz  1", submits, has 
              become the forum system manager. Also may directly revise the 
              others, including manager's information. 
              But now already very much has been short with this edition stand, 
              is very difficult to find. 

              COOKIES loophole 
              Nearly all forums all have this loophole, is the user name and the 
              password has in COOKIS by the definite orders form, you may open 
              corresponding COOKIES in the folder the TXT document, can see the 
              user name and the password, this did not say, I before also has 
              written about this. Certainly this loophole may use on the local 
              machine, whether can use this loophole to obtain a non- local 
              wilfully user the password, has this possibility, is studying, 
              ha-ha. If the real research, that forum has been possible all not 
              to have on a security.
              Completely is I reprints! ! ! ! ! ! ! ! ! ! ! ! ! ! !
              Hoped everybody do not have to break China! ! ! All consequences I 
              am not responsible! ! ! 



              Original author: N/A 
              Origin: SafeChina.net 
              Altogether has 78 readers to read this article 

              [Tells friend] 
            Previous article:The malicious homepage "ten crimes" the analysis 
            with melt 

            Next article:How carries on the attack to in the PHP procedure 
            common loophole (next) 

            - this week popular article - related article 
            Domestic forum invasion method



      CSHU 
