骑士人才系统SQL注入与意外收获

### 简要描述： 某二次开发系统的SQL注入和74CMS邮箱内容泄漏 ### 详细说明： Google Hacker : ``` inurl:index_gangwei_x_x.php ``` 扔Sqlmap里跑一下： [<img src="https://images.seebug.org/upload/201409/1401590075db9108e03db38667c451f53ee74f67.png" alt="QQ截图20140914015818.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/1401590075db9108e03db38667c451f53ee74f67.png) 进后台，发现有SMTP功能： [<img src="https://images.seebug.org/upload/201409/1402000026068f2993581ea8dfc1dcddee43d7de.png" alt="QQ截图20140914015914.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/1402000026068f2993581ea8dfc1dcddee43d7de.png) Burp抓个包，直接获取邮箱密码，发现邮箱做了service@74cms.com邮箱的自动转发： [<img src="https://images.seebug.org/upload/201409/14020124c5d54aa36435e1a31b75f0c1f09a8c19.png" alt="QQ截图20140914020044.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/14020124c5d54aa36435e1a31b75f0c1f09a8c19.png) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201409/14020134249926543b7718a8337c84e9a6b05b5b.png" alt="QQ截图20140914020044.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201409/14020134249926543b7718a8337c84e9a6b05b5b.png)