漏洞分析 | SeaCMS v12.9 中 SQL 注入

https://github.com/HuaQiPro/seacms/blob/ffa00178c7bf966b6bed7109ca76c270eadfeb70/js/player/dmplayer/dmku/class/mysqli.class.php#L287-L305

第287-305行public static function 删除_弹幕数据($id){        try {            global $_config;            $conn = @new mysqli($_config['数据库']['地址'], $_config['数据库']['用户名'], $_config['数据库']['密码'], $_config['数据库']['名称'], $_config['数据库']['端口']);            $conn->set_charset('utf8');            if ($_GET['type'] == "list") {                $sql = "DELETE FROM sea_danmaku_report WHERE cid={$id}";                $result = "DELETE FROM sea_danmaku_list WHERE cid={$id}";                $conn->query($sql);                $conn->query($result);            } else if ($_GET['type'] == "report") {                $sql = "DELETE FROM sea_danmaku_report WHERE cid={$id}";                $conn->query($sql);            }        } catch (PDOException $e) {            showmessage(-1, '数据库错误:' . $e->getMessage());        }    }