Phpcurl reads the discuz registration verification code Image

Step: (you need to set up a REFERER to obtain it) Forum: www. test. com1. access member. php through? On the modregister page, analyze the URL of the Verification Code image $ src; Code: $ filegetvget (www. test. commember. php? Modregister); generate the hash $ patterninputname of the Verification Code

Step :( to set up REFERER to get) Forum: http://www.test.com 1. Access member. php? Mod = register page, analyze the URL to get the verification code image = $ src; Code: $ fileget = vget (http://www.test.com/member.php? Mod = register); // hash $ pattern =/input name =

Step: (SetREFERER can get)

Forum: http://www.test.com

1. Access member. php? Mod = register page, analyze the URL of the Verification Code image = $ src;

Code:

$ Fileget = vget ("http://www.test.com/member.php? Mod = register ");

// Generate the hash of the Verification Code
$ Pattern = "//S ";
Preg_match ($ pattern, $ fileget, $ match );
$ Idhash = $ match [1];

$ Fcon = vget ("http://www.test.com/misc.php? Mod = seccode & action = update & idhash = {$ idhash} & inajax = 1 & ajaxtarget = seccode _ {$ idhash }");

$ Pattern1 = "/src = \"(.*?) \ "Class = \" vm \ "alt = \" \ "\/>/s ";
Preg_match ($ pattern1, $ fcon, $ matcon );
$ Src = "http://bbs.py168.com/". $ mattings [1];

2. Use curl to obtain the verification code Image(Because you must set the verification code to be obtained.REFERERI chose to use curl to implement this. Simple copy won't be able to get the image !)

GetImg ($ url, $ filename );
/*
* @ Obtain the specified image locally using curl
* @ Complete image address
* @ Name of the file to be stored
*/
Function getImg ($ url = "", $ filename = ""){
If (is_dir (basename ($ filename ))){
Echo "The Dir was not exits ";
Return false;
}
// Remove the quotation marks above the URL Connection
$ Url = preg_replace ('/(? : ^ [\ '"] + | [\'" \/] + $)/', '', $ Url );
$ Hander = curl_init ();
$ Fp = fopen ($ filename, 'wb ');
Curl_setopt ($ hander, CURLOPT_URL, $ url );
Curl_setopt ($ hander, CURLOPT_FILE, $ fp );
Curl_setopt ($ hander, CURLOPT_HEADER, 0 );
Curl_setopt ($ hander, CURLOPT_FOLLOWLOCATION, 1 );
Curl_setopt ($ hander, CURLOPT_REFERER, 'HTTP: // www. test. commember. php? Mod = register ');
// Curl_setopt ($ hander, CURLOPT_RETURNTRANSFER, false); // return data in the form of data stream. If it is false, it is directly displayed.
Curl_setopt ($ hander, CURLOPT_TIMEOUT, 60 );


Curl_exec ($ hander );
Curl_close ($ hander );
Fclose ($ fp );
Return true;
}

# Finally, a registration verification vulnerability of discuz x2 was found: After entering the verification code, submit the data and register the data successfully. Then, continue to fill in the data registration. The second verification code is still successfully registered when it is empty. It should be the first time that the cookie has been successfully verified, the second time I ignored it. Why? You can constantly fill in the data to register, so as to bypass the registration verification code, to achieve the effect of the registration machine.