Discuz! Cross-site encyclopedia (PHP tutorial)
In Discuz!, the subjects of posts, replies, PMs, etc. are not filtered, so code can also be inserted there.
For example:
http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%22
The effect is that your own cookie pops up first.
Usage: the above code is placed in an img.
Applicable versions: Discuz! 2.x, Discuz! 3.x
A way of exploiting the Discuz! 2.0 vulnerability to deceive users and obtain cookies
While testing the PM function of the XXXFan forum, a security vulnerability was found. The specific description is as follows:
XXXFan sends a PM link to a member as follows (assuming the member's name is XXXFan):
http://XXX/pm.php?action=send&username=XXXFan
Because the forum program does not filter member names but displays them directly in the send column (TO:), script code can be appended after the name. For example:
http://XXX/pm.php?action=send&username=XXXFan ";><script>alert(document.cookie)</script>
After clicking the link above, the first thing that pops up is your own cookie content.
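The defect described above is a username from the query string echoed straight into an HTML attribute. The following is an added illustration written for this page, not Discuz! code; the function names are hypothetical and it contrasts the unsafe pattern with a validated and HTML-encoded version, plus the HttpOnly cookie flag that blunts the cookie theft the text goes on to describe.

```php
<?php
// Added illustration (not Discuz! code). Hypothetical function names.

// Vulnerable pattern: the raw query-string value is concatenated into
// markup, so a quote or '>' in the name breaks out of the attribute.
function render_to_field_unsafe(string $username): string {
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened pattern: first reject anything outside an allowlist of
// username characters, then HTML-encode whatever is emitted so quotes
// and angle brackets can never close the attribute or open a tag.
function render_to_field_safe(string $username): string {
    if (!preg_match('/^[A-Za-z0-9_]{1,20}$/', $username)) {
        return '<input type="text" name="username" value="">';
    }
    $enc = htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="username" value="' . $enc . '">';
}

// Defence in depth: a session cookie flagged HttpOnly is not exposed
// through document.cookie, so a script injected into the page cannot
// read it even if output encoding is missed somewhere.
function set_session_cookie(string $sid): void {
    setcookie('sid', $sid, [
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
        'path'     => '/',
    ]);
}

// Constructed sample input: a "name" that tries to close the attribute.
$sample = 'XXXFan"><b>x</b>';
echo render_to_field_unsafe($sample), "\n"; // attribute broken open
echo render_to_field_safe($sample), "\n";   // rejected: empty value
echo render_to_field_safe('XXXFan'), "\n";  // ordinary name passes
```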
Of course, we can first build a program on our own site to collect cookies, similar to:
getcookie.php?cookie=
But how do you get members to click? If it is simply posted on the forum, it is too easy to spot. Therefore, you can use another function of the Discuz forum program, the "post to friends" function.
Because this function of Discuz performs no filtering, verification or templating on the e-mail address filled in, anyone can be impersonated to send mail to others, and it is very safe for the sender. Using this function, we can forge the administrator of ExploitFan sending a letter to a member to induce the member to click the URL we prepared. How you induce the member depends on your own method. For example, you can say "The forum is testing new features; please help by clicking the above address. We will record your click in the background and add points to you as a reward at the appropriate time", etc.
Because the link address is XXXFan's, and the sender and e-mail address are both XXXFan's official addresses, the credibility is very high and no clues are left. Of course, for greater security, the content in