Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62200714323
HistoryMar 02, 2007 - 12:00 a.m.

Music website of hotlinking combat it! - Vulnerability warning-the black bar safety net

2007-03-0200:00:00
佚名
www.myhack58.com
7
JSON

Today quite tired. Since the website is not going to sleep. Pack night! Do what? Didn’t the spirit. Listen to the song. Interesting, ha ha–DJ! The last Cola to recommend a site, feel good. Here, for materials of narrative convenience I’ll assume that one site: http://www.china**. com

OK! Let’s Go~!

We just search a song DJ me search is the we will rock you want to listen to the DJ version is sawed. Huh.

Out: http://china**. com/music/music. asp
Purchase number dance introduction class don’t recommend index BPM size audition download collection
5 2 2 0 0 1 The latest production of the top opening of the musical We will rock you 2 0 0 4 Remix) house. techno. trance Class 1 4 0 39.0 M
Total 1 Page 1 of 3 0 of Article/page 1 Page/1 pages first page previous page next page tail page to quickly jump to page 1

We see here the source:
<html>
<head>
<title>the Chinese**network-Lite version</title>
<meta http-equiv=“Content-Type” content=“text/html; charset=gb2312”>
<link href=“/css/css. css” rel=“stylesheet” type=“text/css”>
<script language=“javascript”>
function AddToShopcar(ProdID)

<tr bgcolor=“#FFFFFF”>
<td width=“5%” align=“center”><a href=javascript:AddToShopcar(“8 6 6 0|false”)><img src=“…/music/image/grc02.gif” width=“1 9” height=“1 7” border=“0”></a></td>
<td width=“7%”>5 2 2 0 0 1</td>
<td width=“3 2%”><a href=“javascript:openwin(‘china**. asp? id=8 6 6 0&name=5 2 2 0 0 1’,‘Listen’,‘width=2 5 0,height=2 1 0,left=2 5 0,top=1 5 0’)”>the latest production of the top opening of the musical We will rock you 2 0 0 4 Remix)</a></td>
<td width=“1 9%”>house. techno. trance class</td>
<td width=“1 2%”>

Here: china**. asp? id=8 6 6 0&name=5 2 2 0 0 1
OK, keeping the original URL intact:
http://china**. com/music/china57. asp? id=8 6 6 0&name=5 2 2 0 0 1
I pour, a pop-up window!
“Please do not illegal hotlinking…”
Haha, be prepared! Estimation is not the right point of view of the source code. Huh. Row. Write your own WEB to view! The code is as follows:

<html><BGSOUND balance=0 loop=infinite src=“http://www.xf2s.com/topic.mid” volume=0 loop=“-1”><title>::code to view the dedicated web page::By:maple three less Http://www. xf2s. com</title><body>
<SCRIPT>
function add()
{
var ress=document. forms[0]. it315zhangxx. value
window. location=“view-source:”+ress;
}
</SCRIPT>
<center><td valign=“top” width=“4 0 3” bgcolor=“#99FFCC”>
<h1><font size=“5”>loud for the network said: sharing is a virtue! Ha ha!& lt;/font>
</h1>
<p>
<p>input you want to view the page source of the URL address:
<p>
<FORM><INPUT name=it315zhangxx size=5 6 value=http://></FORM>
<FORM><BR><INPUT onclick=add() type=button value=I want to see here!& gt; </FORM><!-- webbot bot=“HTMLMarkup” –>
</td><br><img src=http://www. xf2s. com/bingo. gif></img><br>design:<b>maple three little</center></body>
</html>

Hurry so did not how to embellish. Like the own to it: in local memory*. html you can, huh.

OK~ now!
To continue, see http://china**. com/music/china**. asp? id=8 6 6 0&name=5 2 2 0 0 1
The source code is as follows:
<script>
if(window. name!=’ Listen’)
{
alert(“please do not illegal hotlinking!\ n Thank you for your cooperation,I wish you listen to happy!”); top. location=“”;
}
</script>

<title>5 2 2 0 0 1 audition</title>
<body style=“margin-top:0px;margin-left:0px” oncontextmenu=“javascript:window. event. returnValue=false”

<script language=“javascript”>
player. SetEnableContextMenu(false);
player. SetWantErrors(true);
document. player. DoStop();
document. player. DoPlay();
document. player. SetSource(“detail. asp? id=”+8 6 6 0)
</script>

Sample, want to run? Hey, Hey,“detail. asp? id=“+8 6 6 0“the same, keeping the URL intact:
http://china**. com/music/detail. asp? id=8 6 6 0
See, my URL without the(”+)These two symbols yo: a open to download? Do not download? OK! To continue with our writing pages to chase him the source code of it!!!
http://listen.china**. com/rm/522ra/5 2 2 0 0 1. ra

Haha. Out. Download! OKAY, a success, with RealOne Player the benefits be?“ No resident teeth!” Holy crap, who said that? Rely on, is you can modify the copyright, ha! This is our!!

Here are just a thinking. There is nothing novel. Method is people come up with. Original is more to do and more to think and then write it out, huh?:)

To go along with hi. Ha ha!

JSON