วิธีการหา คือ ลอง sniff packet ที่ส่งไปตอนกดรับหัวใจดู
แล้วจะเห็นว่า /game/accept_sent_life/ ไม่มีการเช็คค่าอะไรเลย
เราก็ส่ง link นั้นไปรัวๆ .. ก็จะได้หัวใจรัวๆ
(ถือว่าเป็นช่องโหว่อย่างหนึ่งของคนทำเว็บ)
code นี้เป็นภาษา perl แบบทำงานหลาย process พร้อมกัน (fork ออกมา 25 process)
#!/usr/bin/perl -w
#########################################################################
# ░░░░░░░░░░░░▄▄░░░░░░░░░░░░░░ Copyright (c) 2011 by windows98SE
# ░░░░░░░░░░░█░░█░░░░░░░░░░░░░
# ░░░░░░░░░░░█░░█░░░░░░░░░░░░░ This software is open source,
# ░░░░░░░░░░█░░░█░░░░░░░░░░░░░ licensed under the GNU/GPL,v3.0
# ░░░░░░░░░█░░░░█░░░░░░░░░░░░░
# ██████▄▄█░░░░░██████▄░░░░░░░ Basically,
# ▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░ this means that you're allowed to modify and
# ▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░ distribute this software.
# ▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░ However, if you distribute modified versions,
# ▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░ you MUST also distribute the source code.
# ▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░
# ▓▓▓▓▓▓█████░░░░░░░░░██░░░░░░ See http://www.gnu.org/licenses/gpl.html
# █████▀░░░░▀▀████████░░░░░░░░ for the full license.
#########################################################################
#
# Fires many concurrent, hand-built HTTP POSTs at dd.wooga.com
# /game/accept_sent_life/, each claiming a "sent life" for the profile id
# set below. The post describes the endpoint as accepting these requests
# without any check. Consistent with that, the request assembled in
# send_life() carries no Cookie header (so no session or CSRF token), and
# the same request_id / sender_id pair is replayed on every call.
#
# Server-side mitigation for this class of bug: take the acting user from
# the authenticated session instead of the form body, make request_id
# single-use, and rate-limit the endpoint. A burst of 25 simultaneous
# connections from one address is also an easy detection signal.
#
# NOTE(review): no `use strict;` — only -w is enabled via the shebang.
use Socket;                     # NOTE(review): nothing from Socket is used; IO::Socket::INET does the work
use IO::Socket;
use Parallel::ForkManager;
# Up to 25 child processes at a time. (Indirect-object syntax; the usual
# spelling is Parallel::ForkManager->new(25).)
my $pm = new Parallel::ForkManager(25);
# $i runs 0..$loop inclusive below, so 101 requests are sent, not 100.
my $loop = 100;
my $facebook_profile_id = '100000281355534';# original comment: change this to your own Facebook profile id
for(my $i=0;$i<=$loop;$i++){
    # In the parent, start() returns the child's pid (true) and we move on;
    # the child gets 0 and falls through to send one request.
    $pm->start and next;
    print "[+] sending $i ea\n";
    &send_life($facebook_profile_id);    # '&' call form; plain send_life(...) is the modern spelling
    $pm->finish;                         # child exits here
}
$pm->wait_all_children;                  # parent blocks until all children have finished
print "[+] done\n";

# send_life($recipient_id)
#   Opens a TCP connection to dd.wooga.com:80, writes one raw HTTP/1.1 POST
#   and closes without reading the response. request_id and sender_id are
#   hard-coded; only recipient_id comes from the argument ($_[0], which
#   aliases the caller's variable). Dies if the connection cannot be opened.
#   No return value is used by the caller.
sub send_life {
    my $payload = 'request_id=212465832187344_100000281355534&sender_id=100000179550296&recipient_id='.$_[0].'&cr=de156';
    # Headers are written by hand rather than through an HTTP client, so
    # there is no status check, no redirect handling and no response parsing.
    my $packet = "POST /game/accept_sent_life/ HTTP/1.1\r\n";
    $packet .= "Host: dd.wooga.com\r\n";
    $packet .= "User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1\r\n";
    $packet .= "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n";
    $packet .= "X-Requested-With: XMLHttpRequest\r\n";
    $packet .= "Referer: http://dd.wooga.com/landingpage/\r\n";
    $packet .= "Content-Length: ".length($payload)."\r\n";
    $packet .= "Pragma: no-cache\r\n";
    $packet .= "Cache-Control: no-cache\r\n";
    $packet .= "Connection: Close\r\n\r\n";    # blank line ends the header block
    $packet .= $payload;
    my $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => 'dd.wooga.com', PeerPort => 80, ) or die ("[!] can't creat socket\n");
    print $socket $packet;
    close($socket);                          # response, if any, is discarded unread
}
อันนี้เขียนแบบ php ให้ดูเป็นตัวอย่างการใช้ fsockopen
<?php
// Sequential variant of the same request generator: one hand-built POST to
// dd.wooga.com /game/accept_sent_life/ per loop iteration, sent one after
// another (no concurrency, unlike the Perl version). The "<br>" in the
// progress output suggests it is meant to be run through a web server
// rather than the CLI — unconfirmed.
// As in the Perl version, the request carries no Cookie header and replays
// a fixed request_id / sender_id; server-side, binding those to the
// authenticated session and making request_id single-use closes the gap.
$facebook_profile_id = "100000281355534";
// $i runs 0..30 inclusive: 31 requests.
for($i=0;$i<=30;$i++){
    echo "[+] sending $i ea<br>";
    sent_life($facebook_profile_id);    // defined below; PHP hoists top-level named functions
}
echo "[+] done.";

// sent_life($facebook_profile_id)
//   Connects to dd.wooga.com:80, writes one raw HTTP/1.1 POST whose
//   recipient_id is the argument (request_id and sender_id are hard-coded),
//   then closes without reading the response. Calls die() if the socket
//   cannot be opened. Returns nothing.
function sent_life($facebook_profile_id){
    $payload = "request_id=212465832187344_100000281355534&sender_id=100000179550296&recipient_id=".$facebook_profile_id."&cr=de156";
    $packet = "POST /game/accept_sent_life/ HTTP/1.1\r\n";
    $packet .= "Host: dd.wooga.com\r\n";
    $packet .= "User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1\r\n";
    $packet .= "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n";
    $packet .= "X-Requested-With: XMLHttpRequest\r\n";
    $packet .= "Referer: http://dd.wooga.com/landingpage/\r\n";
    $packet .= "Content-Length: ".strlen($payload)."\r\n";
    $packet .= "Pragma: no-cache\r\n";
    $packet .= "Cache-Control: no-cache\r\n";
    $packet .= "Connection: Close\r\n\r\n";    // blank line terminates the headers
    $packet .= $payload;
    // Raw socket instead of an HTTP client: no status code or response
    // body is ever inspected.
    if(!($sock = fsockopen("dd.wooga.com", 80))) die( "\n[-] No response from dd.wooga.com:80\n");
    fwrite($sock, $packet);
    fclose($sock);                          // response discarded unread
}
?>