晴天小铸 PS:…一襲白衣走來,看似風清雲淡,其實風卷雲殘,非人即鬼…

详细说明：
http://www.dedecms.com/plus/search.php?keyword=xxxx&channeltype=-0&orderby=&kwtype=-1&pagesize=10&typeid=0&TotalResult=-336&PageNo=%3E%3E%3E%3E%3E%3E%3E%3E%3E%3E%3EFuck%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C&plistgo=%C7%E7%CC%EC%D0%A1%D6%FD?
漏洞证明：
http://www.dedecms.com/plus/search.php?keyword=xxxx&channeltype=-0&orderby=&kwtype=-1&pagesize=10&typeid=0&TotalResult=-336&PageNo=%3E%3E%3E%3E%3E%3E%3E%3E%3E%3E%3EFuck%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C&plistgo=%C7%E7%CC%EC%D0%A1%D6%FD?

Error page: /plus/search.php?keyword=xxxx&channeltype=-0&orderby=&kwtype=-1&pagesize=10&typeid=0&TotalResult=-336&PageNo=%3E%3E%3E%3E%3E%3E%3E%3E%3E%3E%3EFuck%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C&plistgo=%C7%E7%CC%EC%D0%A1%D6%FD?

Error infos: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 4

Error sql: Select arc.*,act.typedir,act.typename,act.isdefault,act.defaultname,act.namerule, act.namerule2,act.ispart,act.moresite,act.siteurl,act.sitepath from `dede_archives` arc left join `dede_arctype` act on arc.typeid=act.id where arc.arcrank > -1 And ( CONCAT(arc.title,' ',arc.writer,' ',arc.keywords) like '%xxxx%' ) order by arc.sortrank desc limit -10,10
修复方案：
php错误不回显