thinkphp 3.1.3 has SQL Injection via the index.php s parameter.Referenceshttp://www.blcat.cn/post-39.html
