This function node on the website background can directly execute SQL statements, but requires a password code, which can be exploded. The default password code is 6 digits, and it will be exploded in a moment.
We try to execute the following statement
UPDATE ourphp_mail set OP_Mailpass='37e0c8f50a64a454' WHERE id='4';
You can see that this value is currently 123456
Then we execute the statement，And then use burp to explode the password code
See the prompt that the operation was successful
The value has also been changed
Just download it and put it directly into PHPstudy