Mobile phone SMS bombing (Figure) _ Vulnerability Research

Mobile phones and the network has long been inseparable, through the network, you can send information directly to the phone, but now there is no

Free to send text messages to the website, if you want to send SMS through the website to the mobile phone, you must register the user, confirm before you can

send a message, just like that, oh, send a message is a dime, oh, I do not have so much money. hehe

is not very puzzled ah, hehe

All right, let me tell you a few words.

First analysis of the internet can send mobile phone text message website structure. In particular, how do they confirm that the user has registered successfully?

Generally, there are the following steps:

1, the user approves the website to propose the service agreement

2, the user enters the registration page, fills in own mobile phone number

3, the server accepts the user to submit the mobile phone number, and sends the confirmation password to the user fills in the handset

4, users to mobile phone numbers and mobile phone access to the password to log on to the site to use the site to provide the fee services

Take Sina as an example:

Login to the Sina SMS registration page, fill in the number in the mobile phone number, and then click Register

At this time, the server receives the user to send the request, the user registers the password to send to the mobile phone number by the message the way

By now, the discerning eye should be able to see something.

Oh!

Yes, if we can successfully forge a piece of information and send it to the server, send the registration password through the server

to the corresponding cell phone number, if we send 2 times, the phone should receive 2 messages, if we send 10 times, the phone

Nature should be received 10 times if we send 100 times 、、、

Oh

Validating ideas

Move out of the sniffer, of course, I prefer iris, the following is intercepted packets, decode after the display

Click picture to enlarge

There are two lines we need to be aware of:

One is

post/cgi-bin/sms/register.cgi http/1.1

One is

mobile=13801590786&lang=1&%d7%a2%b2%e1.x=29&%d7%a2%b2%e1.y=6http/1.1
OK

(Oh, of course, this is not my phone)

Analyze:

/CGI-BIN/SMS/REGISTER.CGI is used to register the program

mobile= Mobile phone Number

Lang=1 said the mobile phone is a Chinese machine, Lang=0 said the mobile phone is an English machine (oh, look at the HTML code inside there)

%D7%A2%B2%E1 is a Unicode encoding, meaning "register"

Try to implement:

First use get try directly, no post, just fill in mobile parameters

Return to a mess after you enter

Oh , I will not paste, the basic meaning is not successful

Try again!

Connect to the server

Sash  肎 et, no post, but add Lang language parameters after the mobile argument

Oh, it's a success.

Oh , look at the title inside the know has been successful

Oh

Okay, here's the program.

Oh, I am not a programmer, so I do not put the code out

However, at present, the attack program to look at, oh, basically every website services are available

And the results are pretty good.

It should be noted that when the same number is submitted multiple times, the speed is not fast, in addition, because the attack method is risky

Oh, because the server will have a record, so, in writing, pay attention to add a proxy on it.

All right, let's talk so much.