For enterprise live streams, I don't know where this can be changed.

GET /activity.php?a=userAssign&id=555555&userid=00001901a6bb42de53d23f1fde0f9999&name=%E6%AC%A7%E9%98%B3%E9%94%8B&avatar=https://tvax1.sinaimg.cn/crop.0.0.1080.1080.50/005Q2ErNly8gmo938bamfj30u00u0428.jpg&key= HTTP/1.1
Host: mudu.tv
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.google.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_22db863c7d7b02b102cf93831ce76aa6=1611121707; Hm_lpvt_22db863c7d7b02b102cf93831ce76aa6=1611124590

Below is the request that posts a comment; it can be used during a prize draw.

POST /comments/api/activities/oxxxxxm/comment HTTP/1.1
Host: mudu.tv
Connection: close
Content-Length: 47
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
X-CSRF-TOKEN: 
Content-Type: application/json; charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.google.com
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: 

{"message":"吐槽吐槽食堂吧","images":[]}

This is caused by the two sides supporting different Ciphers.
First run

ssh -Q cipher

to see which ones are supported, then put them into /etc/ssh/ssh_config.
That file has a commented-out line for Ciphers. Just append the following on the line below it.

Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
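
An added example, not part of the original note: rather than appending every cipher for all hosts, this shell sketch reads the server's list from ssh's negotiation error, intersects it with the local ssh -Q cipher output, and prints a Host-scoped block that falls back to CBC only when no AEAD or CTR cipher is common. The function names are hypothetical, and the host name, address, error line and cipher lists are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original note. Host name, address, error line
# and both cipher lists below are constructed sample data.

# Extract the server's list from ssh's negotiation error (read on stdin).
offer_from_error() {
    sed -n 's/.*no matching cipher found\. Their offer: *//p'
}

# pick_ciphers LOCAL OFFER
#   LOCAL: newline-separated names, as printed by `ssh -Q cipher`
#   OFFER: comma-separated names offered by the server
# Prints the common ciphers of the strongest class both sides share:
# AEAD first, then CTR, and CBC/other only when nothing better is common.
pick_ciphers() {
    for class in aead ctr other; do
        result=""
        for c in $(printf '%s' "$2" | tr ',' ' '); do
            case $c in
                *gcm@*|chacha20-*) kind=aead ;;
                *-ctr)             kind=ctr ;;
                *)                 kind=other ;;
            esac
            [ "$kind" = "$class" ] || continue
            printf '%s\n' "$1" | grep -Fxq -- "$c" || continue
            result="${result:+$result,}$c"
        done
        [ -z "$result" ] || break
    done
    printf '%s\n' "$result"
}

# host_stanza HOST LOCAL OFFER: print an ssh_config block scoped to one host.
host_stanza() {
    ciphers=$(pick_ciphers "$2" "$3")
    [ -n "$ciphers" ] || { echo "no common cipher for $1" >&2; return 1; }
    printf 'Host %s\n    Ciphers %s\n' "$1" "$ciphers"
}

# Constructed sample input; in real use LOCAL=$(ssh -Q cipher).
LOCAL=$(printf '%s\n' chacha20-poly1305@openssh.com aes128-ctr aes256-ctr \
    aes128-cbc aes256-cbc 3des-cbc)
ERR='Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc'

host_stanza legacy-switch "$LOCAL" "$(printf '%s\n' "$ERR" | offer_from_error)"
```

The printed block goes into ~/.ssh/config or /etc/ssh/ssh_config, so connections to other hosts keep the default cipher list.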

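Newer versions no longer allow importing and exporting files by default.
To view sensitive variable information, you do not have to use show variable. An injection point does not support show, only select.
In that case you can do this: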

MySQL [(none)]> select @@pid_file;
+-----------------------+
| @@pid_file            |
+-----------------------+
| /data/mysql/mysql.pid |
+-----------------------+
1 row in set (0.00 sec)

Or

MySQL [(none)]> select @@slow_query_log_file;
+----------------------------+
| @@slow_query_log_file      |
+----------------------------+
| /data/mysql/mysql-slow.log |
+----------------------------+
1 row in set (0.00 sec)

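In effect, you take a key from the output of show variables; put @@ in front of it, and then select it.
This reveals some sensitive information about the target, such as log paths, the home directory, common directories, and so on.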