### Brief description:
Injection caused by insufficient filtering
### Details:
See the file /app/exam/app.php, lines 272-286
```
public function lesson()
{
    $action = $this->ev->url(3);
    $page = $this->ev->get('page');
    switch($action)
    {
        case 'ajax':
        switch($this->ev->url(4))
        {
            case 'questions':
            $number = $this->ev->get('number');
            if(!$number)$number = 1;
            // Both values are read straight from client-controlled cookies
            $questid = $this->ev->getCookie('questype');
            $knowsid = $this->ev->getCookie('knowsid');
            // $knowsid reaches the query helper without any validation
            $questions = $this->question->getRandQuestionListByKnowid($knowsid,$questid);
            // (excerpt ends here)
```
Following getCookie, in the file /lib/ev.cls.php, lines 81-85
```
public function getCookie($par,$nohead = 0)
{
    // Returns the stored cookie value as-is; no filtering or type conversion is applied
    if(isset($this->cookie[CH.$par]))return $this->cookie[CH.$par];
    elseif(isset($this->cookie[$par]) && $nohead)return $this->cookie[$par];
    else return false;
}
```
The parameter is read from the cookie, and knowsid is not sanitized here.
It is then passed into the function getRandQuestionListByKnowid
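
One way to close the cookie-to-query flow described above, as an added example that is not the application's own code: validate the cookie value strictly, then bind it as query parameters. It assumes knowsid is a comma-separated list of numeric ids; parseIdList, questionsByKnowsIds and the table and column names are hypothetical.

```php
<?php
// Added example. Assumption: knowsid is a comma-separated list of numeric ids.
// Function, table and column names are hypothetical.

/** Parse a cookie-supplied id list; return ints, or null if any token is not purely digits. */
function parseIdList($raw, int $max = 50): ?array
{
    // getCookie() returns false when the cookie is absent
    if (!is_string($raw) || $raw === '') {
        return null;
    }
    $ids = [];
    foreach (explode(',', $raw) as $token) {
        // ctype_digit rejects signs, spaces, quotes and any SQL syntax
        if (!ctype_digit($token) || strlen($token) > 9) {
            return null;
        }
        $ids[] = (int)$token;
    }
    return count($ids) <= $max ? $ids : null;
}

/** Fetch question ids for the given knowledge-point ids using bound parameters only. */
function questionsByKnowsIds(PDO $db, array $ids): array
{
    if ($ids === []) {
        return [];
    }
    // One placeholder per id; the values never become part of the SQL text
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT questionid FROM questions WHERE knowsid IN ($marks) ORDER BY questionid");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE questions (questionid INTEGER, knowsid INTEGER)');
$db->exec('INSERT INTO questions VALUES (1, 10), (2, 11), (3, 12)');

// Constructed cookie values: one well-formed, one carrying SQL syntax
foreach (['10,11', '10 OR 1=1'] as $cookie) {
    $ids = parseIdList($cookie);
    echo $ids === null
        ? "rejected: $cookie\n"
        : "accepted: $cookie -> " . implode(',', questionsByKnowsIds($db, $ids)) . "\n";
}
```

The well-formed value returns question ids 1 and 2, and the second value is rejected before any query is built.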