大汉JCMS系统SQL注入漏洞

简要描述： 详细说明： 缺陷：module/sitesearch/index.jsp 注入参数columnid 漏洞证明： 案例测试： 测试A： mask 区域 1.http://.. /module/sitesearch/index.jsp?columnid=0,-11,5086,5087,5088,5089,5090,5104,5105,5106,5107,5091,5108,5109,5110,5111,5092,5120,5121,5122,5123,5093,5094,5095,5117,5118,5119,5096,5097,5098,5099,5100 测试B： mask ...