
Vulnerability summary

Defect ID: wooyun-2015-092457

Title: 12306 login endpoint can still be hit by credential stuffing (the captcha is machine-recognizable)

Vendor: 12306

Author: 猪猪侠

Submitted: 2015-01-17 20:33

Fixed: 2015-03-03 20:34

Published: 2015-03-03 20:34

Type: design flaw / logic error

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-01-17: details sent to the vendor, awaiting vendor handling
2015-01-18: vendor confirmed; details disclosed to the vendor only
2015-01-28: details disclosed to core white hats and domain experts
2015-02-07: details disclosed to regular white hats
2015-02-17: details disclosed to intern white hats
2015-03-03: details disclosed to the public

Brief description:

The per-account login threshold is 5 attempts per 20 minutes, the captcha can be recognized automatically, and the mobile client has no captcha at all.

Detailed description:

The mobile client has no captcha
https://kyfw.12306.cn/otn/login/init

(screenshot: login.jpg)


POST /otn/login/loginAysnSuggest HTTP/1.1
Host: kyfw.12306.cn
Content-Length: 152
Accept: */*
Origin: https://kyfw.12306.cn
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://kyfw.12306.cn/otn/login/init
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4
Cookie: JSESSIONID=91FA1614F112D5178E44705FDF85E4D1; BIGipServerotn=1725497610.24610.0000; current_captcha_type=C
Connection: Keep-Alive
loginUserDTO.user_name=10000%40qq.com&userDTO.password=123456&randCode=wh6e&randCode_validate=&MTQwOTA5=ZGY5Y2ZjYjEyMjI2MWJiMg%3D%3D&myversion=undefined


The mobile client requires no captcha; the password only needs to be MD5-hashed when submitted; the threshold window is 20 minutes.

POST /otsmobile/apps/services/api/MobileTicket/android/query HTTP/1.1
Host: mobile.12306.cn
Content-Length: 591
Origin: file://
Accept-Language: zh_CN
Authorization: {"morCustomRealm":"aDHgAUw92AQQCYjZyEX5TcAVgAncDZmQCAAUAewNzcgEoYAxMQjJrAEBBRWEWNX9AHnULd1w9cykTXj8xRxxxIlsxFUVPQmAfN0IlOi0iRRE7azdSPjVIIjVEGjIQNz46FVw8ZxZERQMeVSZoMF5nFU12Hk4xQ2ocGU4zYiJObDR3NSZPQCJJZEBtG2JBS3AyaF5EQgVGIU1IZ0VWBXdgTn1tCV89ajxgQDM5XyQ0PmVkVjRyBlc5Nm9oJEMSZnh2dkYcSjplfkd+NBx/GGhAWjFoFmEUZVNHLDFGKz5iaGtrYSVsEGZvdg=="}
X-Requested-With: XMLHttpRequest
x-wl-app-version: 2.0
x-wl-platform-version: 6.0.0
WL-Instance-Id: u76dbkg7kq364qrpfrp2oflm3f
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; GT-N7100 Build/JDQ39; CyanogenMod-0.9.9.7) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30/Worklight/6.0.0
Accept-Encoding: gzip,deflate
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Cookie: BIGipServerworklight=3705078026.16420.0000; AlteonP=0a02eb040a02ebc5284cfdfd2378; JSESSIONID=0000D6oVUcQ2f3Uw70wtfc73C9v:196iqvou7; BIGipServernginxformobile=32178698.50215.0000
Connection: Keep-Alive
adapter=CARSMobileServiceAdapterV2&procedure=login&compressResponse=true&parameters=[{"baseDTO.os_type":"a","baseDTO.device_no":"53469c87548547e","baseDTO.mobile_no":"123444","baseDTO.time_str":"20150117212733","baseDTO.check_code":"170294cbd0ab3398d8ed39217170c9ad","baseDTO.version_no":"1.1","baseDTO.user_name":"[email protected]","password":"327bc4e22b649d47c4546a3ec93f376b"}]&__wl_deviceCtxVersion=-1&__wl_deviceCtxSession=30549131421501159027&isAjaxRequest=true&x=0.8806376396678388


Captcha recognition

http://www.80vul.com/yzm/v.php?url=http://wimg.zone.ci/upload/201501/1720224632ac157f9dd635bd901105790c35853f.jpg


(screenshots: 80v.jpg, 12306__0.jpg through 12306__5.jpg)

Proof of vulnerability:

# Recognition platform 1

(screenshot: sb1.png)


# Recognition platform 2

(screenshots: 12306__00.jpg through 12306__55.jpg)

Fix recommendation:

The captcha on the login endpoint can be strengthened. Really.
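As an added defensive example (not code from the report or from 12306), the Python below shows why the per-account threshold of 5 attempts per 20 minutes described above does not by itself catch credential stuffing: one source trying many accounts once each never trips it, and a mobile endpoint without a captcha has to feed the same counters as the web endpoint. It adds a per-source distinct-account rule and runs both over constructed sample log lines; the log format, field names and addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=20)
PER_ACCOUNT_LIMIT = 5     # the per-account threshold the report describes: 5 tries / 20 min
PER_SOURCE_ACCOUNTS = 5   # added rule: distinct accounts tried from one source per window

# Constructed sample log lines (not from the report): time, endpoint, source IP, account, result.
# 203.0.113.7 tries five different accounts once each, alternating web and mobile endpoints;
# 192.0.2.9 hammers a single account; 198.51.100.4 is a user who mistyped a password once.
LOG_LINES = """\
2015-01-17T21:27:00 /otn/login/loginAysnSuggest 203.0.113.7 user001 FAIL
2015-01-17T21:27:05 /otsmobile/apps/services/api/MobileTicket/android/query 203.0.113.7 user002 FAIL
2015-01-17T21:27:10 /otn/login/loginAysnSuggest 203.0.113.7 user003 FAIL
2015-01-17T21:27:15 /otsmobile/apps/services/api/MobileTicket/android/query 203.0.113.7 user004 FAIL
2015-01-17T21:27:20 /otn/login/loginAysnSuggest 203.0.113.7 user005 OK
2015-01-17T21:30:00 /otn/login/loginAysnSuggest 192.0.2.9 user777 FAIL
2015-01-17T21:30:01 /otn/login/loginAysnSuggest 192.0.2.9 user777 FAIL
2015-01-17T21:30:02 /otn/login/loginAysnSuggest 192.0.2.9 user777 FAIL
2015-01-17T21:30:03 /otn/login/loginAysnSuggest 192.0.2.9 user777 FAIL
2015-01-17T21:30:04 /otn/login/loginAysnSuggest 192.0.2.9 user777 FAIL
2015-01-17T21:30:05 /otsmobile/apps/services/api/MobileTicket/android/query 192.0.2.9 user777 FAIL
2015-01-17T21:40:00 /otn/login/loginAysnSuggest 198.51.100.4 user999 FAIL
2015-01-17T21:40:30 /otn/login/loginAysnSuggest 198.51.100.4 user999 OK
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, endpoint, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), endpoint, ip, account, result

def evaluate(text):
    """Run both rules over the log; return (accounts throttled, sources flagged)."""
    per_account = defaultdict(deque)   # account -> timestamps inside the window
    per_source = defaultdict(deque)    # ip -> (timestamp, account) inside the window
    throttled, flagged = set(), set()
    for ts, _endpoint, ip, account, _result in parse(text):
        # web and mobile endpoints update the same counters, so the mobile path is not a bypass
        q = per_account[account]
        q.append(ts)
        while ts - q[0] > WINDOW:          # drop attempts older than the sliding window
            q.popleft()
        if len(q) > PER_ACCOUNT_LIMIT:
            throttled.add(account)
        s = per_source[ip]
        s.append((ts, account))
        while ts - s[0][0] > WINDOW:
            s.popleft()
        if len({a for _, a in s}) >= PER_SOURCE_ACCOUNTS:
            flagged.add(ip)
    return throttled, flagged
```

With the sample log only user777 is throttled by the per-account rule, while the source spreading one attempt across five accounts is caught only by the per-source rule.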

Copyright notice: please credit 猪猪侠@乌云 when reposting


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 5

Confirmed: 2015-01-18 01:30

Vendor reply:

"Can be bypassed" and "can be automatically recognized" should be two different things.

Latest status:

None yet