By:BlAck.Eagle

I noticed this problem a while ago: it can be used to inflate an article's view count.

Publish an article on Baidu Hi, then click Edit and capture the request. It looks like this:

POST /test/commit HTTP/1.1
Host: hi.baidu.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; zh-CN; rv:1.9) Gecko/2008052906 Firefox/3.0 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://hi.baidu.com/test/modify/blog/0c6952db502807cdb7fd48cc
Cookie: BAIDUID=D5CDD45C1EC5xxxx24F14C3141:FG=1; BDSP=e3f72afcca12495435fb37xxx00a4b0df5bd5195ccc533fa828ba61ea8d3fd1f4134970a304e251f95cad1c8a786c9177f3e6709c93d70cf3bc79f3df8dcd100baaxxx3cec3fdfc0396454b68; BDSTAT=8c856ca29021ecxxx9bb4dd5cbd02e83b01213fac0e7bec55e753ea; Hm_lpvt_4d16ad3b9xxxf64c3a01c5d=1302800577698; Hm_lvt_4d16ad3b9adade3b562e5f64c3a01c5d=1302800577698; _time_stamp_=3; BD_UTK_DVT=1; BDUSS=NHNXN-VW0yckJrUDdDVGdwa0xxxYzVOQVFBQUFBJCQAAAAAAAAAAAoakSfHV8gE08fT9LXEutrTpQAAAAAAAAAAAAAAAAAAAAAAAAAAAADgusV6AAAAAOC6xXoAAAAAcF1CAAAAAAAxMC4yxx3QKKdNeE; USERIDFO=0ebdddcae77ed638bxxx89608821cxxxb9debfe4b18
Content-Type: application/x-www-form-urlencoded
Content-Length: 322

bdstoken=ac52121470a40exxd731a94685&ct=1&mms_flag=0&cm=2&spBlogID=0c695xxxxBlogCatName_o=%C4%AC%C8%CF%B7%D6%Cxxitle=fuxxxCp%3Efuzz+for+test%xxxE&spBlogCatName=%spBlogPower=0&spIsCmtAllow=1&spShareNotAllow=0&spVcode=&spVerifyKey=

I wrote a Python script to test it, for security research only; I take no responsibility for the consequences. I am just learning Python, so it is not very well written.

# -*- coding: gb2312 -*-
# Python 2 script (urllib2, print statements). The two Chinese literals below are
# strings matched in Baidu's HTTP responses, so the gb2312 coding line is required.
import urllib2, httplib, sys, re, time

httplib.HTTPConnection.debuglevel = 1

def usage():
    print "########################################################"
    print "Usage:\n Fuzz 1000 times By:BlAck.Eagle"
    print "python fuzzbaidu.py http://hi.baidu.com 10000"
    print "baidu fuzz view count"
    print "########################################################"
    print ""

class SimpleCookieHandler(urllib2.BaseHandler):
    def http_request(self, req):
        # Publish any article, choose Edit, capture the request and paste the Cookie header value here
        simple_cookie = '<your cookie>'
        if not req.has_header('Cookie'):
            req.add_unredirected_header('Cookie', simple_cookie)
        else:
            cookie = req.get_header('Cookie')
            req.add_unredirected_header('Cookie', simple_cookie + '; ' + cookie)
        return req

argvs = sys.argv
usage()
if len(argvs) < 3:
    sys.exit(1)

def request():
    opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(), SimpleCookieHandler())
    # data is the body of the captured POST
    data = "<body of the captured POST>"
    pwurl = "%s/test/commit" % argvs[1]
    req = urllib2.Request(
        url=pwurl,
        headers={'Content-Type': 'application/x-www-form-urlencoded',
                 'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.2; zh-CN; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19',
                 'Referer': 'http://hi.baidu.com/test/modify/blog/0c6952db502807cdb7fd48cc'},
        data=data)
    f = opener.open(req)
    data2 = f.read()
    # Response strings: "your article was modified successfully" / "you are operating too frequently"
    url2 = re.search('您的文章已经修改成功', data2)
    url3 = re.search('您的操作过于频繁', data2)
    if url2:
        print "[+]Fuzz Success"
    elif url3:
        print '您的操作过于频繁'   # rate-limited by the server: back off for an hour
        time.sleep(3600)
    else:
        print "[-]Fuzz Failed"

integer = 1
# argv values are strings; the original compared int <= str, which in Python 2 is always True
count = int(argvs[2])
while integer <= count:
    print "%d/%d" % (integer, count)
    request()
    integer = integer + 1
    # Baidu checks request timing, so we have to wait between requests
    time.sleep(0.8)

The principle is simple: for a registered user, Baidu increments the article's view count by default whenever the article is edited.
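As an added example (not part of the original post and not Baidu's code), the sketch below shows the two things a defender takes from this write-up: a view counter in which the edit/commit path never touches the count and the author's own reads are never counted, plus a sliding-window check over access-log lines that flags a user issuing a burst of commit POSTs like the loop above. The `Blog` class, the window and limit constants, and the `SAMPLE_LOG` lines are all assumptions constructed for this illustration.

```python
# Added example: a view counter decoupled from the edit path, and a log check for edit bursts.
# All names, policies and the sample log here are constructed for illustration.
from collections import defaultdict, deque
from dataclasses import dataclass

DEDUP_WINDOW = 3600     # assumed policy: one counted view per viewer per post per hour
EDIT_BURST_LIMIT = 20   # assumed policy: more than 20 commits within EDIT_BURST_WINDOW is flagged
EDIT_BURST_WINDOW = 60  # seconds


@dataclass
class Post:
    post_id: str
    author_id: str
    body: str = ""
    views: int = 0


class Blog:
    def __init__(self):
        self.posts = {}
        self.last_counted = {}  # (post_id, viewer_id) -> timestamp of the last counted view

    def publish(self, post_id, author_id, body):
        self.posts[post_id] = Post(post_id, author_id, body)

    def view(self, post_id, viewer_id, now):
        """Read path (GET of the article). Returns True only when the read was counted."""
        post = self.posts[post_id]
        if viewer_id == post.author_id:
            return False  # the author's own reads never count
        key = (post_id, viewer_id)
        last = self.last_counted.get(key)
        if last is not None and now - last < DEDUP_WINDOW:
            return False  # repeat read by the same viewer inside the window
        self.last_counted[key] = now
        post.views += 1
        return True

    def commit(self, post_id, editor_id, new_body):
        """Write path (the equivalent of POST /<blog>/commit): never touches the counter."""
        post = self.posts[post_id]
        if editor_id != post.author_id:
            raise PermissionError("only the author may edit")
        post.body = new_body
        return post.views  # unchanged by design


def replay_edit_flood(blog, post_id, author_id, n):
    """Replay n commits by the author and return the view count afterwards (stays at 0)."""
    for i in range(n):
        blog.commit(post_id, author_id, "edit %d" % i)
    return blog.posts[post_id].views


def flag_edit_bursts(log_lines, limit=EDIT_BURST_LIMIT, window=EDIT_BURST_WINDOW):
    """Detection side: sliding-window count of commit POSTs per user.

    Each line has the constructed form 'timestamp user method path'. Returns the
    set of users that exceeded `limit` commits within any `window`-second span.
    """
    recent = defaultdict(deque)
    flagged = set()
    for line in log_lines:
        ts, user, method, path = line.split()
        if method != "POST" or not path.endswith("/commit"):
            continue
        ts = int(ts)
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            flagged.add(user)
    return flagged


# Constructed sample log: "u1" commits once a second for 30 s; "u2" edits twice and reads once.
SAMPLE_LOG = ["%d u1 POST /test/commit" % (1000 + i) for i in range(30)] + [
    "1000 u2 POST /test/commit",
    "1050 u2 POST /test/commit",
    "1060 u2 GET /test/blog/1",
]

if __name__ == "__main__":
    blog = Blog()
    blog.publish("p1", "author", "hello")
    print("views after 10000 author edits:", replay_edit_flood(blog, "p1", "author", 10000))
    print("flagged users:", flag_edit_bursts(SAMPLE_LOG))
```

The mitigation is structural rather than a rate limit: the counter is only reachable from the read path, so no number of commits moves it, and the per-viewer window turns a single reader's reloads into one counted view. The log check is what an operations team would run to find the burst the script above produces, whether or not the counter bug has been fixed.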