检查出可以对表单中的隐藏字段进行操纵
URL http://202.201.39.48/phpmyadmin/index.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=9a490d6ae4cf1e25573722d20b1eec1f&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=9a490d6ae4cf1e25573722d20b1eec1f&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=9a490d6ae4cf1e25573722d20b1eec1f&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/phpmyadmin/index.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/
  • Post-Data: lang=zh_CN&token=9a490d6ae4cf1e25573722d20b1eec1f&target=index.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/
  • Post-Data: lang=95333&token=9a490d6ae4cf1e25573722d20b1eec1f&target=index.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/index.php/message-comment-article-26.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/26.mhtml
  • Post-Data: content=&from=&objectID=26&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/26.mhtml
  • Post-Data: content=&from=&objectID=26&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-26.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/26.mhtml
  • Post-Data: content=&from=&objectID=26&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/26.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-27.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/27.mhtml
  • Post-Data: content=&from=&objectID=27&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/27.mhtml
  • Post-Data: content=&from=&objectID=27&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-27.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/27.mhtml
  • Post-Data: content=&from=&objectID=27&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/27.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-20.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/20.mhtml
  • Post-Data: content=&from=&objectID=20&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/20.mhtml
  • Post-Data: content=&from=&objectID=20&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-20.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/20.mhtml
  • Post-Data: content=&from=&objectID=20&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/20.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-24.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/24.mhtml
  • Post-Data: content=&from=&objectID=24&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/24.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-24.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/24.mhtml
  • Post-Data: content=&from=&objectID=24&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/24.mhtml
  • Post-Data: content=&from=&objectID=24&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-36.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/36.mhtml
  • Post-Data: content=&from=&objectID=36&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/36.mhtml
  • Post-Data: content=&from=&objectID=36&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-36.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/36.mhtml
  • Post-Data: content=&from=&objectID=36&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/36.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-33.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/33.mhtml
  • Post-Data: content=&from=&objectID=33&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/33.mhtml
  • Post-Data: content=&from=&objectID=33&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-33.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/33.mhtml
  • Post-Data: content=&from=&objectID=33&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/33.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-32.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/32.mhtml
  • Post-Data: content=&from=&objectID=32&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/32.mhtml
  • Post-Data: content=&from=&objectID=32&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-32.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/32.mhtml
  • Post-Data: content=&from=&objectID=32&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/32.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-23.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/23.mhtml
  • Post-Data: content=&from=&objectID=23&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/23.mhtml
  • Post-Data: content=&from=&objectID=23&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-23.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/23.mhtml
  • Post-Data: content=&from=&objectID=23&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/23.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-34.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/34.mhtml
  • Post-Data: content=&from=&objectID=34&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/34.mhtml
  • Post-Data: content=&from=&objectID=34&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-34.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/34.mhtml
  • Post-Data: content=&from=&objectID=34&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/34.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-25.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/25.mhtml
  • Post-Data: content=&from=&objectID=25&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/25.mhtml
  • Post-Data: content=&from=&objectID=25&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-25.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/25.mhtml
  • Post-Data: content=&from=&objectID=25&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/25.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-28.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/28.mhtml
  • Post-Data: content=&from=&objectID=28&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/28.mhtml
  • Post-Data: content=&from=&objectID=28&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-28.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/28.mhtml
  • Post-Data: content=&from=&objectID=28&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/28.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-29.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/29.mhtml
  • Post-Data: content=&from=&objectID=29&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/29.mhtml
  • Post-Data: content=&from=&objectID=29&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-29.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/29.mhtml
  • Post-Data: content=&from=&objectID=29&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/29.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-30.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/30.mhtml
  • Post-Data: content=&from=&objectID=30&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/30.mhtml
  • Post-Data: content=&from=&objectID=30&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-30.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/30.mhtml
  • Post-Data: content=&from=&objectID=30&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/30.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-35.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/35.mhtml
  • Post-Data: content=&from=&objectID=35&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/35.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-35.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/35.mhtml
  • Post-Data: content=&from=&objectID=35&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/35.mhtml
  • Post-Data: content=&from=&objectID=35&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-19.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/19.mhtml
  • Post-Data: content=&from=&objectID=19&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/19.mhtml
  • Post-Data: content=&from=&objectID=19&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-19.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/19.mhtml
  • Post-Data: content=&from=&objectID=19&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/19.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-21.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/21.mhtml
  • Post-Data: content=&from=&objectID=21&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/21.mhtml
  • Post-Data: content=&from=&objectID=21&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-21.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/21.mhtml
  • Post-Data: content=&from=&objectID=21&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/21.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/phpmyadmin/index.php
请求方式 POST
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=38ca1825272ca2bd1a338fd9897b3eb6&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=38ca1825272ca2bd1a338fd9897b3eb6&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Content-Type: application/x-www-form-urlencoded

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=38ca1825272ca2bd1a338fd9897b3eb6&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Content-Type: application/x-www-form-urlencoded

URL http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=atestu&token=b75bba5fa7203396feddaf1661b8a65c&db=atestu
请求方式 GET
问题参数 server
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 server95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Post-Data: token=7fcecc7e053cebddb0e6c7e96631b0e9&target=index.php&pma_password=&table=atestu&pma_username=&db=atestu&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Post-Data: token=7fcecc7e053cebddb0e6c7e96631b0e9&target=index.php&pma_password=&table=atestu&pma_username=&db=atestu&submit=submit&server=95333

URL http://202.201.39.48/index.php/message-comment-article-22.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/22.mhtml
  • Post-Data: content=&from=&objectID=22&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/22.mhtml
  • Post-Data: content=&from=&objectID=22&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-22.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/22.mhtml
  • Post-Data: content=&from=&objectID=22&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/22.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-31.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/31.mhtml
  • Post-Data: content=&from=&objectID=31&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/31.mhtml
  • Post-Data: content=&from=&objectID=31&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-31.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/31.mhtml
  • Post-Data: content=&from=&objectID=31&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/31.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/index.php/message-comment-article-37.mhtml
请求方式 GET
问题参数 objectType
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectType95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/37.mhtml
  • Post-Data: content=&from=&objectID=37&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/37.mhtml
  • Post-Data: content=&from=&objectID=37&receiveEmail=1&email=&submit=submit&objectType=95333

URL http://202.201.39.48/index.php/message-comment-article-37.mhtml
请求方式 GET
问题参数 objectID
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/index.php/message-post-comment.mhtml
2、设置参数 objectID95333
3、对比页面相似度。
请求&响应
POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/37.mhtml
  • Post-Data: content=&from=&objectID=37&receiveEmail=1&email=&submit=submit&objectType=article

POST /index.php/message-post-comment.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/37.mhtml
  • Post-Data: content=&from=&objectID=95333&receiveEmail=1&email=&submit=submit&objectType=article

URL http://202.201.39.48/phpmyadmin/index.php
请求方式 POST
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=7bc7bed6ca7344a3b5a30dcd08615a18&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=7bc7bed6ca7344a3b5a30dcd08615a18&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN;pmaAuth-1=deleted
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Content-Type: application/x-www-form-urlencoded

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=7bc7bed6ca7344a3b5a30dcd08615a18&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN;pmaAuth-1=deleted
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Content-Type: application/x-www-form-urlencoded

URL http://202.201.39.48/phpmyadmin/server_databases.php
请求方式 GET
问题参数 db
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=&token=d616758a5fa957377bcc7db348d1ef2d&db=95333&submit=submit
2、设置参数 db95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=d616758a5fa957377bcc7db348d1ef2d&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

GET /phpmyadmin/index.php?lang=zh_CN&table=&token=d616758a5fa957377bcc7db348d1ef2d&db=95333&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/server_databases.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=d616758a5fa957377bcc7db348d1ef2d&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=d616758a5fa957377bcc7db348d1ef2d&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=d616758a5fa957377bcc7db348d1ef2d&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/server_databases.php
请求方式 GET
问题参数 token
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=&token=95333&db=&submit=submit
2、设置参数 token95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=d616758a5fa957377bcc7db348d1ef2d&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

GET /phpmyadmin/index.php?lang=zh_CN&table=&token=95333&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/server_databases.php
请求方式 GET
问题参数 target
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 target95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=d616758a5fa957377bcc7db348d1ef2d&target=server_databases.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=d616758a5fa957377bcc7db348d1ef2d&target=95333&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/db_routines.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=6b79cab755f9ad8cf3b9c4375bcba133&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=6b79cab755f9ad8cf3b9c4375bcba133&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=6b79cab755f9ad8cf3b9c4375bcba133&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/tbl_indexes.php
请求方式 GET
问题参数 db
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=&token=7ba38ca378dc178edc1be1fadc2009f0&db=95333&submit=submit
2、设置参数 db95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=7ba38ca378dc178edc1be1fadc2009f0&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

GET /phpmyadmin/index.php?lang=zh_CN&table=&token=7ba38ca378dc178edc1be1fadc2009f0&db=95333&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/tbl_indexes.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=7ba38ca378dc178edc1be1fadc2009f0&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=7ba38ca378dc178edc1be1fadc2009f0&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=7ba38ca378dc178edc1be1fadc2009f0&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/view_create.php
请求方式 GET
问题参数 server
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 server95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=ce610985ec150b4a2fe9272a3ec65434&target=view_create.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=ce610985ec150b4a2fe9272a3ec65434&target=view_create.php&pma_password=&pma_username=&submit=submit&server=95333

URL http://202.201.39.48/phpmyadmin/view_create.php
请求方式 GET
问题参数 target
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 target95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=ce610985ec150b4a2fe9272a3ec65434&target=view_create.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=ce610985ec150b4a2fe9272a3ec65434&target=95333&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/view_create.php
请求方式 GET
问题参数 token
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 token95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=ce610985ec150b4a2fe9272a3ec65434&target=view_create.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=95333&target=view_create.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/querywindow.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=5e1836f2417fdf15721a27add94db2c2&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=5e1836f2417fdf15721a27add94db2c2&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=5e1836f2417fdf15721a27add94db2c2&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/querywindow.php
请求方式 GET
问题参数 target
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 target95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=5e1836f2417fdf15721a27add94db2c2&target=querywindow.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
  • Post-Data: token=5e1836f2417fdf15721a27add94db2c2&target=95333&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Post-Data: lang=zh_CN&token=bff7346146fbf9724f78649aaae90f80&target=index.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/index.php
  • Post-Data: lang=95333&token=bff7346146fbf9724f78649aaae90f80&target=index.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/tbl_zoom_select.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/tbl_zoom_plot_jqplot.js
  • Post-Data: lang=zh_CN&token=27d7fbac452bdc226eb7d3c873357f2a&target=tbl_zoom_select.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/tbl_zoom_plot_jqplot.js
  • Post-Data: lang=95333&token=27d7fbac452bdc226eb7d3c873357f2a&target=tbl_zoom_select.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/sql.php
请求方式 GET
问题参数 target
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 target95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js
  • Post-Data: lang=zh_CN&token=bd02a63ba738e9ad25b5b56a96a3a5ea&target=sql.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js
  • Post-Data: lang=zh_CN&token=bd02a63ba738e9ad25b5b56a96a3a5ea&target=95333&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/sql.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js
  • Post-Data: lang=zh_CN&token=bd02a63ba738e9ad25b5b56a96a3a5ea&target=sql.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js
  • Post-Data: lang=95333&token=bd02a63ba738e9ad25b5b56a96a3a5ea&target=sql.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/tbl_replace.php
请求方式 GET
问题参数 db
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=&token=e8725ac63c057e37e6c8cdc45965693b&db=95333&submit=submit
2、设置参数 db95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=e8725ac63c057e37e6c8cdc45965693b&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js

GET /phpmyadmin/index.php?lang=zh_CN&table=&token=e8725ac63c057e37e6c8cdc45965693b&db=95333&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js

URL http://202.201.39.48/phpmyadmin/tbl_replace.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js
  • Post-Data: lang=zh_CN&token=e8725ac63c057e37e6c8cdc45965693b&target=tbl_replace.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/makegrid.js
  • Post-Data: lang=95333&token=e8725ac63c057e37e6c8cdc45965693b&target=tbl_replace.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/gis_data_editor.php
请求方式 GET
问题参数 db
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=&token=e3e262bf6be6172938a2a9bf5d04f671&db=95333&submit=submit
2、设置参数 db95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=e3e262bf6be6172938a2a9bf5d04f671&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/gis_data_editor.js

GET /phpmyadmin/index.php?lang=zh_CN&table=&token=e3e262bf6be6172938a2a9bf5d04f671&db=95333&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/gis_data_editor.js

URL http://202.201.39.48/phpmyadmin/gis_data_editor.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=e3e262bf6be6172938a2a9bf5d04f671&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=e3e262bf6be6172938a2a9bf5d04f671&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/gis_data_editor.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=e3e262bf6be6172938a2a9bf5d04f671&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/gis_data_editor.js

URL http://202.201.39.48/phpmyadmin/prefs_manage.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/config.js
  • Post-Data: lang=zh_CN&token=05f452662673dfb2dcea18e5e8a24450&target=prefs_manage.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/config.js
  • Post-Data: lang=95333&token=05f452662673dfb2dcea18e5e8a24450&target=prefs_manage.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/pmd_relation_upd.php
请求方式 GET
问题参数 target
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 target95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=d347e097957a1df34fe75123e43fb58f&target=pmd_relation_upd.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=d347e097957a1df34fe75123e43fb58f&target=95333&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/pmd_relation_upd.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=d347e097957a1df34fe75123e43fb58f&target=pmd_relation_upd.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=95333&token=d347e097957a1df34fe75123e43fb58f&target=pmd_relation_upd.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/pmd_display_field.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=d84fb09631ba50f2263108ea9dc2e8c1&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=d84fb09631ba50f2263108ea9dc2e8c1&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=d84fb09631ba50f2263108ea9dc2e8c1&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js

URL http://202.201.39.48/phpmyadmin/pmd_relation_new.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=d21569f0d3a02583eddc97ae3955e886&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=d21569f0d3a02583eddc97ae3955e886&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=d21569f0d3a02583eddc97ae3955e886&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js

URL http://202.201.39.48/phpmyadmin/pmd_relation_new.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=d21569f0d3a02583eddc97ae3955e886&target=pmd_relation_new.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=95333&token=d21569f0d3a02583eddc97ae3955e886&target=pmd_relation_new.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/pmd_save_pos.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=558b435894da6b478e7ed1b3df92b018&target=pmd_save_pos.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=95333&token=558b435894da6b478e7ed1b3df92b018&target=pmd_save_pos.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/tbl_create.php
请求方式 GET
问题参数 target
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 target95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=893c2903934639e2514fbb505ec0bfe7&target=tbl_create.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=893c2903934639e2514fbb505ec0bfe7&target=95333&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/tbl_create.php
请求方式 GET
问题参数 lang
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php
2、设置参数 lang95333
3、对比页面相似度。
请求&响应
POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=zh_CN&token=893c2903934639e2514fbb505ec0bfe7&target=tbl_create.php&pma_password=&pma_username=&submit=submit&server=1

POST /phpmyadmin/index.php HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js
  • Post-Data: lang=95333&token=893c2903934639e2514fbb505ec0bfe7&target=tbl_create.php&pma_password=&pma_username=&submit=submit&server=1

URL http://202.201.39.48/phpmyadmin/tbl_structure.php
请求方式 GET
问题参数 table
判断标准 1、根据原始响应页面中的form表单构造新的请求,依次修改form表单中type为hidden的字段;
2、对比修改后的页面相似度,如果页面对比差异很大,则认为存在该漏洞。
判断详情 1、构造URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=95333&token=2043711ad132c1eedaddd99402d48e72&db=&submit=submit
2、设置参数 table95333
3、对比页面相似度。
请求&响应
GET /phpmyadmin/index.php?lang=zh_CN&table=&token=2043711ad132c1eedaddd99402d48e72&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js

GET /phpmyadmin/index.php?lang=zh_CN&table=95333&token=2043711ad132c1eedaddd99402d48e72&db=&submit=submit HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie:
  • Referer: http://202.201.39.48/phpmyadmin/js/pmd/move.js