A supplement to Baoyu's "URL deception: passing the fake off as real!": handling requests submitted with the POST method

xiaoxiao2021-03-06  41

A supplement to Baoyu's "URL deception: passing the fake off as real!": handling requests submitted with the POST method. (The classical-Chinese phrasing of that title, full of 之 and 也, reads rather awkwardly!)

First we build a test environment: IIS acts as the proxy in front of a JSP page served by Resin. (Resin is a Java application server.)

1. Get Resin: download http://www.caucho.com/download/resin-2.1.16.zip and unpack it into a directory, for example E:/RESIN/RESIN-2.1.16/

2. Configure Resin (the Java SDK configuration is not described here). Open E:/RESIN/RESIN-2.1.16/conf/RESIN.CONF in a text editor:

The port is configurable; Resin's default is 8080. Keep the default if you can use it.

The default welcome pages are configurable as well: SimplePost.jsp, index.xtp, index.jsp, index.html.

3. Create a new directory named test under E:/RESIN/RESIN-2.1.16/webapps/, then write E:/RESIN/RESIN-2.1.16/webapps/test/index.jsp and save it. E:/RESIN/RESIN-2.1.16/webapps/test/ is then a web application.

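<%-- index.jsp: test page only. Parameter names and values are written into the page
     without HTML escaping, so keep it on the local test setup. --%>
<%@ page import='java.util.*' %>
<html>
<head><title>test</title></head>
<body>
<h1>form value:</h1>
<table>
<%
  Enumeration e = request.getParameterNames();
  while (e.hasMoreElements()) {
    String name = (String) e.nextElement();
    String[] values = (String[]) request.getParameterValues(name);
%>
<tr><td><%= name %><td><%= values[0] %>
<%
    if (values.length > 1) {
      for (int i = 1; i < values.length; i++) {
%>
<%= values[i] %>
<%
      }
    }
  }
%>
</table>
<form action='http://localhost' method='post'>
<input name='comment' type="text" value="<%= request.getParameter("comment") %>">
<input name='comment2' type="text" value="<%= request.getParameter("comment2") %>">
<input type=submit>
</form>
</body>
</html>

4. Write the C# file Openlab.UrlCheat.cs (handling of POST requests added on top of Baoyu's code):

// Openlab.UrlCheat.cs
// Compile from the command line: csc /t:library Openlab.UrlCheat.cs
// Put the generated Openlab.UrlCheat.dll in a bin directory under the IIS home directory,
// for example: C:/inetpub/wwwroot/bin/Openlab.UrlCheat.dll
namespace Openlab.UrlCheat
{
    using System;
    using System.Collections.Specialized;
    using System.Configuration;
    using System.IO;
    using System.Net;
    using System.Text;
    using System.Web;

    // Original Globals.cs
    /// <summary>
    /// Shared helpers for the two handlers: upstream address resolution and the
    /// outgoing GET / POST requests.
    /// </summary>
    public class Globals
    {
        // Default upstream domain, used when appSettings has no "Domain" entry.
        private const string DefaultDomain = "blog.joycode.com";

        /// <summary>
        /// Returns true when <paramref name="text"/> is null or contains only white space.
        /// </summary>
        public static bool IsNullorEmpty(string text)
        {
            if (text != null)
            {
                return text.Trim() == String.Empty;
            }
            return true;
        }

        /// <summary>
        /// Requests <paramref name="url"/> and returns the HttpWebResponse.
        /// </summary>
        /// <param name="url">Absolute URL of the upstream resource.</param>
        /// <returns>The open response; the caller is responsible for closing it.</returns>
        public static HttpWebResponse WebResponse(string url)
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
            return response;
        }

        /// <summary>
        /// Works out the text encoding of an upstream page.
        /// </summary>
        /// <param name="response">Upstream response.</param>
        /// <returns>The encoding named by the response, or Encoding.Default when none is usable.</returns>
        /// <remarks>
        /// The charset normally travels in Content-Type, e.g. "text/html; charset=utf-8".
        /// It is read first; the original code looked at ContentEncoding first, which carries
        /// the Content-Encoding header and therefore hid the charset whenever that header was set.
        /// </remarks>
        public static Encoding GetEncoding(HttpWebResponse response)
        {
            Encoding code = Encoding.Default;
            string name = null;

            string contentType = response.ContentType;
            if (contentType != null)
            {
                const string marker = "charset=";
                int start = contentType.ToLower().IndexOf(marker);
                if (start != -1)
                {
                    name = contentType.Substring(start + marker.Length);
                    // Drop any parameter that follows the charset, and surrounding quotes.
                    int end = name.IndexOf(';');
                    if (end != -1)
                    {
                        name = name.Substring(0, end);
                    }
                    name = name.Trim(' ', '"', '\'');
                }
            }

            if (name == null || name == "")
            {
                // Kept from the original as a fallback.
                name = response.ContentEncoding;
            }

            if (name != null && name != "")
            {
                try
                {
                    code = Encoding.GetEncoding(name);
                }
                catch (Exception)
                {
                    // Unknown encoding name: keep the default.
                }
            }
            return code;
        }

        /// <summary>
        /// Reads the whole response body as text.
        /// </summary>
        /// <param name="response">Upstream response.</param>
        /// <returns>The body, with every line terminated by "\r\n".</returns>
        public static string TextContent(HttpWebResponse response)
        {
            StringBuilder buffer = new StringBuilder();
            StreamReader reader = new StreamReader(response.GetResponseStream(), GetEncoding(response));
            try
            {
                // A <base href=...> element could be prepended here, e.g.
                // "<base href=http://localhost:1080/>"; the original left it disabled.
                string line;
                while ((line = reader.ReadLine()) != null)
                {
                    buffer.Append(line);
                    buffer.Append("\r\n");
                }
            }
            finally
            {
                // Closing the reader also closes the response stream, on failure too.
                reader.Close();
            }
            return buffer.ToString();
        }

        // POST: copied and pasted from the QuickStart sample by playyuer $at$ Microshaoft.com
        // http://chs.gotdotnet.com/quickstart/util/srcview.aspx?path=/quickstart/howto/samples/net/WebRequests/clientPOST.src&file=cs/clientpost.cs&font=3
        // An older post is also worth a look:
        // "An HttpRequestResponse class written in C#: asynchronous, with events ..."
        // http://blog.9cbs.net/playyuer/archive/2003/07/03/2856.aspx
        /// <summary>
        /// POSTs a "name=value&amp;name2=value2" string to <paramref name="url"/> and returns the response text.
        /// </summary>
        /// <param name="url">Absolute URL to post to.</param>
        /// <param name="payload">
        /// Raw form string, or null for an empty body. It is split on '?', '=' and '&amp;' and each
        /// piece in between is URL-encoded, so a reserved character inside a value is taken for a
        /// separator. Callers that hold discrete names and values should use PostForm instead.
        /// </param>
        /// <returns>The response body decoded as UTF-8; an empty string when the request fails.</returns>
        public static string GetPage(string url, string payload)
        {
            if (payload == null)
            {
                return PostEncoded(url, null);
            }

            StringBuilder urlEncoded = new StringBuilder();
            char[] reserved = { '?', '=', '&' };
            int i = 0;
            while (i < payload.Length)
            {
                int j = payload.IndexOfAny(reserved, i);
                if (j == -1)
                {
                    urlEncoded.Append(HttpUtility.UrlEncode(payload.Substring(i, payload.Length - i)));
                    break;
                }
                urlEncoded.Append(HttpUtility.UrlEncode(payload.Substring(i, j - i)));
                urlEncoded.Append(payload.Substring(j, 1));
                i = j + 1;
            }
            return PostEncoded(url, urlEncoded.ToString());
        }

        /// <summary>
        /// POSTs a form collection to <paramref name="url"/> and returns the response text.
        /// </summary>
        /// <param name="url">Absolute URL to post to.</param>
        /// <param name="form">Decoded form fields, e.g. HttpRequest.Form.</param>
        /// <returns>The response body decoded as UTF-8; an empty string when the request fails.</returns>
        /// <remarks>
        /// Every name and every value is URL-encoded on its own, so a submitted value that
        /// contains '&amp;' or '=' reaches the upstream server as data and cannot add or change
        /// parameters of the forwarded request. A field with several values is sent once per value.
        /// </remarks>
        public static string PostForm(string url, NameValueCollection form)
        {
            StringBuilder body = new StringBuilder();
            foreach (string key in form.AllKeys)
            {
                string[] values = form.GetValues(key);
                if (values == null)
                {
                    continue;
                }
                foreach (string value in values)
                {
                    if (body.Length > 0)
                    {
                        body.Append('&');
                    }
                    if (key != null)
                    {
                        body.Append(HttpUtility.UrlEncode(key));
                        body.Append('=');
                    }
                    body.Append(HttpUtility.UrlEncode(value));
                }
            }
            return PostEncoded(url, body.ToString());
        }

        // Sends an already URL-encoded body with POST and returns the response text.
        private static string PostEncoded(string url, string encodedBody)
        {
            // Fully qualified: this namespace also declares a handler class named WebResponse.
            System.Net.WebResponse result = null;
            string page = "";
            try
            {
                WebRequest req = WebRequest.Create(url);
                req.Method = "POST";
                req.ContentType = "application/x-www-form-urlencoded";

                if (encodedBody != null)
                {
                    byte[] someBytes = Encoding.UTF8.GetBytes(encodedBody);
                    req.ContentLength = someBytes.Length;
                    Stream newStream = req.GetRequestStream();
                    try
                    {
                        newStream.Write(someBytes, 0, someBytes.Length);
                    }
                    finally
                    {
                        newStream.Close();
                    }
                }
                else
                {
                    req.ContentLength = 0;
                }

                result = req.GetResponse();
                StreamReader sr = new StreamReader(result.GetResponseStream(), Encoding.GetEncoding("utf-8"));
                try
                {
                    // The QuickStart sample echoed the page to the console while reading it;
                    // the echo is dropped here and only the text is returned.
                    page = sr.ReadToEnd();
                }
                finally
                {
                    sr.Close();
                }
                return page;
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
                Console.WriteLine("\r\nCannot find the request URI, or its format is incorrect");
                return page;
            }
            finally
            {
                if (result != null)
                {
                    result.Close();
                }
            }
        }

        /// <summary>
        /// Upstream domain, read from the "Domain" appSettings entry.
        /// </summary>
        /// <remarks>If wildcard host names are resolved to this server, 1bu.com-style setups work too :)</remarks>
        public static string Domain
        {
            get
            {
                string domain = ConfigurationSettings.AppSettings["Domain"];
                if (domain == null || domain == "")
                {
                    domain = DefaultDomain;
                }
                return domain;
            }
        }

        /// <summary>
        /// Upstream base URL: lower-cased, prefixed with "http://" and ending in "/".
        /// </summary>
        public static string DomainUrl
        {
            get
            {
                string url = Domain.ToLower();
                if (!url.StartsWith("http://"))
                {
                    url = "http://" + url;
                }
                if (!url.EndsWith("/"))
                {
                    url = url + "/";
                }
                return url;
            }
        }

        /// <summary>
        /// Maps a request path on this server to the real upstream address.
        /// </summary>
        /// <param name="rawUrl">Path and query string of the incoming request.</param>
        /// <returns>DomainUrl followed by <paramref name="rawUrl"/> without its leading '/'.</returns>
        public static string RealUrl(string rawUrl)
        {
            return Globals.DomainUrl + rawUrl.TrimStart('/');
        }

        /// <summary>
        /// Lower-cased application path of the current request, or an empty string for the site root.
        /// </summary>
        public static string ApplicationPath
        {
            get
            {
                string applicationPath = HttpContext.Current.Request.ApplicationPath;
                if (applicationPath == "/")
                {
                    return String.Empty;
                }
                return applicationPath.ToLower();
            }
        }
    }

    // Original Redirect.cs
    /// <summary>
    /// Redirects the browser to the upstream URL (mapped to image and archive paths in web.config).
    /// </summary>
    public class Redirect : IHttpHandler
    {
        public Redirect()
        {
        }

        /// <summary>
        /// Answers with a redirect to the upstream address of the requested path.
        /// </summary>
        public void ProcessRequest(HttpContext context)
        {
            // RawUrl holds path and query string; both are lower-cased, as in Baoyu's original.
            string rawUrl = context.Request.RawUrl.ToLower();
            string realUrl = rawUrl;
            if (!Globals.IsNullorEmpty(rawUrl))
            {
                if (!rawUrl.StartsWith("http://"))
                {
                    realUrl = Globals.RealUrl(rawUrl);
                }
                // NOTE(review): a request target that already starts with "http://" is sent
                // back to the client unchanged; consider accepting only Globals.DomainUrl here.
            }
            // The browser then fetches the file from the upstream address itself.
            context.Response.Redirect(realUrl);
            context.Response.End();
        }

        // Properties
        public bool IsReusable
        {
            get { return false; }
        }
    }

    // Original WebResponse.cs
    /// <summary>
    /// Fetches the upstream page and writes its content into the response.
    /// </summary>
    public class WebResponse : IHttpHandler
    {
        /// <summary>
        /// Relays a GET or POST request to the upstream server configured in "Domain".
        /// </summary>
        public void ProcessRequest(HttpContext context)
        {
            // RawUrl holds path and query string; both are lower-cased, as in Baoyu's original.
            string rawUrl = context.Request.RawUrl.ToLower();
            if (!Globals.IsNullorEmpty(rawUrl))
            {
                // "http://" means an absolute address, which is redirected to directly.
                if (!rawUrl.StartsWith("http://"))
                {
                    string realUrl = Globals.RealUrl(rawUrl);
                    // added by playyuer $at$ Microshaoft.com
                    if (context.Request.HttpMethod.ToLower() == "get")
                    {
                        HttpWebResponse response = Globals.WebResponse(realUrl);
                        try
                        {
                            // Anything that is not text is redirected instead of relayed.
                            if (!response.ContentType.ToLower().StartsWith("text/"))
                            {
                                context.Response.Redirect(realUrl);
                            }

                            // Text: read the content first, then write it straight to the browser.
                            string content = Globals.TextContent(response);
                            context.Response.Write(content);
                        }
                        finally
                        {
                            // Release the upstream connection on the redirect path as well.
                            response.Close();
                        }
                    }
                    // added by playyuer $at$ Microshaoft.com
                    else // POST
                    {
                        // Names and values are encoded one by one inside PostForm.
                        context.Response.Write(Globals.PostForm(realUrl, context.Request.Form));
                    }
                }
                else
                {
                    // NOTE(review): the client is redirected to whatever absolute URL it
                    // sent; consider accepting only addresses under Globals.DomainUrl.
                    context.Response.Redirect(rawUrl);
                }
            }
            context.Response.End();
        }

        public bool IsReusable
        {
            get { return false; }
        }
    }
}

4. web.config in the IIS home directory, for example C:/inetpub/wwwroot/web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <!-- debug="true" suits this test setup; set it to "false" on a deployed site -->
    <compilation defaultLanguage="c#" debug="true" />
    <httpHandlers>
      <add verb="*" path="*.gif" type="Openlab.UrlCheat.Redirect, Openlab.UrlCheat" />
      <add verb="*" path="*.jpg" type="Openlab.UrlCheat.Redirect, Openlab.UrlCheat" />
      <add verb="*" path="*.jpeg" type="Openlab.UrlCheat.Redirect, Openlab.UrlCheat" />
      <add verb="*" path="*.rar" type="Openlab.UrlCheat.Redirect, Openlab.UrlCheat" />
      <add verb="*" path="*.zip" type="Openlab.UrlCheat.Redirect, Openlab.UrlCheat" />
      <add verb="*" path="*.webinfo" type="System.Web.HttpForbiddenHandler" />
      <add verb="GET" path="*" type="Openlab.UrlCheat.WebResponse, Openlab.UrlCheat" />
      <add verb="POST" path="*" type="Openlab.UrlCheat.WebResponse, Openlab.UrlCheat" />
    </httpHandlers>
  </system.web>
  <appSettings>
    <!-- You can modify this domain name -->
    <add key="Domain" value="http://localhost:8080/test/" />
  </appSettings>
</configuration>

5. Start Resin and IIS. Resin: E:/resin/resin-2.1.16/bin/httpd.exe

6. Open http://localhost in the IE address bar, submit some data and check that the result is correct. I was lazy here: unlike Baoyu, I have not considered rewriting the URLs in href attributes.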