ecshop SQL注入漏洞 admin/shopinfo.php ecshop SQL注入漏洞

最新推荐文章于 2024-07-18 16:43:09 发布
最新推荐文章于 2024-07-18 16:43:09 发布
阅读量6.4k 收藏 1
点赞数
CC 4.0 BY-SA版权
分类专栏: linux
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/wirenc/article/details/52971770

阿里云这点做的很厚道,真心不错

/home/wwwroot/admin/shopinfo.php
ecshop SQL注入漏洞
先备份好文件后再操作

/admin/shopinfo.php修复方法(大概在第53、71、105、123行,4个地方修复方式都一样) admin_priv(‘shopinfo_manage’); 修改为 admin_priv(‘shopinfo_manage’); REQUEST[id]=intval(_REQUEST[‘id’]); 

   /admin/shophelp.php修复方法(大概在第81、105、133、155行,4个地方修复方式都一样)      admin_priv('shophelp_manage');      修改为      admin_priv('shophelp_manage'); $_POST['id'] = intval($_POST['id']);

>
/home/wwwroot/www.hxfudao.com/admin/affiliate_ck.php
ecshop SQL注入漏洞

[ vulhub漏洞复现篇 ] ECShop 4.x collection_list SQL注入
qq_51577576的博客
10-01 2022
[ vulhub漏洞复现篇 ] ECShop 4.x collection_list SQL注入ECShop是上海商派网络科技有限公司(ShopEx)旗下——B2C独立网店系统,适合企业及个人快速构建个性化网上商店,系统是基于PHP语言及MYSQL数据库构架开发的跨平台开源程序。
[ vulhub漏洞复现篇 ] ECShop 2.x / 3.x SQL注入/远程执行代码漏洞 xianzhi-2017-02-82239600
qq_51577576的博客
09-25 1448
[ vulhub漏洞复现篇 ] ECShop 2.x / 3.x SQL注入/远程执行代码漏洞 xianzhi-2017-02-82239600 ECShop是一个B2C独立商店系统,供公司和个人快速建立个性化的在线商店。该系统是基于PHP语言和MYSQL数据库体系结构的跨平台开源程序。在2017年及之前的版本中,存在一个SQL注入漏洞,该漏洞可能会注入有效载荷并最终导致代码执行漏洞。最新版本的3.6.0已修复此漏洞,vulhub使用其最新版本2.7.3和3.6.0非最新版本来重现该漏洞
ecshop测试_ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析
weixin_36124631的博客
01-19 1333
0x00 漏洞概述影响版本:ecshop4.1.0及以下是否需要身份认证:否,前台漏洞漏洞类型:SQL注入CNVD编号:CNVD-2020-58823,https://www.cnvd.org.cn/flaw/show/2454613漏洞来源:xcheck代码安全检查源码获取:https://www.ecshop.com/,登录注册下载,最新版本为4.1.1(已修复)。0x01 漏洞详情...
ecshopsafety.php,ecshop 后台注入
weixin_33464488的博客
03-12 128
测试版本是v3.0.0 RELEASE 20160518。由于全局包含了一个文件require_once(dirname(__FILE__) . '/safety.php');然而这个正则还无法绕过$args_arr=array('xss'=>"[\\'\\\"\\;\\*\\].*\\bon[a-zA-Z]{3,15}[\\s\\r\\n\\v\\f]*\\=|\\b(?:expressi...
ecshopsafety.php,Ecshop前台sql注入(20171228)
weixin_36250086的博客
03-12 208
这里我需要说明一下echsop具备全局的一个安全转义全局文件:/includes/init.phpif (!get_magic_quotes_gpc()){if (!empty($_GET)){$_GET = addslashes_deep($_GET);}if (!empty($_POST)){$_POST = addslashes_deep($_POST);}$_COOKIE = addsla...
ecshop 漏洞集合
论文数据分析辅导,;论文人工智能辅导 huazhongxiaosx
12-01 3072
ECSHOP漏洞汇总-漏洞修改记录 更新时间:2017-03-23 点击量:1228 以下为网络内容转载,仅供技术研究。 1. 漏洞名称: ecshop注入漏洞修复 补丁编号: 2862905 补丁文件: /api/client/includes/lib_api.php 补丁来源: 云盾自研 更新时间: 漏洞描述: ecshop存在一个盲注漏洞,问题存在于/api/client/
php前台登录 sql注入_ECShop 4.0 前台SQL注入漏洞分析(需用户注册)
weixin_39711867的博客
03-09 629
#00 前言前两天看到有公众号发了ECShop注入分析漏洞,所以想看下与笔者挖的是否重复,看完还是非常佩服作者的分析水平,基于Nday然后对整个利用链进行回溯分析,从而发现0day,对代码审计人员帮助颇多,不过这个漏洞需要用户注册,严格意义上来讲需要进行用户认证,因此危害性还不至于那么广泛。#01 漏洞分析整个漏洞利用链是基于两年前广泛流传的ECShop RCE漏洞链来的,笔者在挖掘ECShop...
Eecshop 4.x collection_list SQL注入 漏洞复现
weixin_44896127的博客
12-20 841
Eecshop 4.x collection_list SQL注入漏洞复现。
ecshop全系列SQL注入漏洞分析
d59hao的博客
05-04 429
referer值未加判断直接引用,可被攻击者控制输入利用_echash = “554fcae493e564ee0dc75bdf2ebf94ca” 为定值进行切分,构造payload利用反序列化漏洞,构造payload,传输恶意代码insert_ads函数的SQL拼接不规范导致存在SQL注入make_val函数拼接字符串输入,_eval中调用用户输入通过eval最终导致任意命令执行。
大商创多用户商城系统 多处SQL注入漏洞复现
0xSec
04-04 1208
大商创多用户商城系统ajax_dialog.php、wholesale_flow.php等接口处存在SQL注入漏洞,未经身份验证攻击者可通过输入恶意SQL代码,突破系统原本设定的访问规则,未经授权访问、修改或删除数据库中的各类敏感信息,包括但不限于员工个人资料、企业核心业务数据等。进一步利用可获取服务器权限。
ecshop调用函数集锦,以及详细说明
12-05
ecshop二次开发以及初学ecshop模板制作必备的代码集锦,调用大全
ECSHOP后台操作
04-08
ECSHOP后台操作手册PHP,开源官方手册。
ecshop后台操作90个小问题(很常见的问题).txt
02-02
ecshop后台操作90个小问题(很常见的问题).txt
shopex admincore.php,Shopex后台登录页面注入漏洞附利用POC
weixin_39653622的博客
03-10 450
对登录时传递的某参数未做过滤,导致注入的产生最近做二次开发的时候看到了登录的流程发现在文件\shopex\core\admin\controller\ctl.passport.php处理了验证码,管理帐号和密码,但是在最底下发现一个sess_idfunction certi_validate(){$cert = $this->system->loadModel('service/cer...
ECShop 2.x/3.x SQL注入/任意代码执行漏洞复现
weixin_51387754的博客
11-15 429
漏洞原理 ECShop是一款B2C独立网店系统,适合企业及个人快速构建个性化网上商店。系统是基于PHP语言及MYSQL数据库构架开发的跨平台开源程序。 其2017年及以前的版本中,存在一处SQL注入漏洞 ,通过该漏洞注入恶意数据,最终导致任意代码执行漏洞。 影响版本 ECShop 2.x ECShop 3.x 漏洞复现 (root????guiltyfet)-[/home/guiltyfet/vulhub/ecshop/xianzhi-2017-02-82239600] └─# docker-compos
Ecshop支付宝插件SQL注入漏洞利用(exp)
热门推荐
Exploit的小站~
05-10 3万+
 0x00 在\includes\modules\payment\alipay.php文件中,有一个response函数用来处理支付信息,在ECSHOP的init初始化文件中,默认是做了全局转义的,而这个漏洞的精髓在于绕过全局转义。 在$order_sn=str_replace($_GET['subject'],'',$_GET['out_trade_no']);中...
ECSHOP商城系统过滤不严导致SQL注入漏洞
盐碘
03-19 1599
添加时间: 2009-05-25 系统编号: WAVDB-01431 影响版本: ECSHOP 2.6.1/2.6.2 程序介绍:  ECSHOP是一款开源免费的网上商店系统。由专业的开发团队升级维护,为您提供及时高效的技术支持,您还可以根据自己的商务特征对ECSHOP进行定制,增加自己商城的特色功能。 漏洞分析: 文件includes/init.php判断g
关于Ecshop 各种漏洞修复 pages.lbi.php Xss漏洞的修复
xocom的专栏
09-11 1298
1:关于Ecshop pages.lbi.php Xss漏洞的修复 直接访问temp/compiled/pages.lbi.php时,浏览源文件,会发现如下代码: <form name="selectPageForm" action="temp/compiled/pages.lbi.php" method="get"> 显然这个form是不完全的。当构造这样的url访问时,会造成...
ecshop 2.x/3.x SQL注入/代码执行
qq_23003811的博客
07-18 468
ECShop是一款B2C独立网店系统,适合企业及个人快速构建个性化网上商店。系统是基于PHP语言及MYSQL数据库构架开发的跨平台开源程序。其2017年及以前的版本中,存在一处SQL注入漏洞,通过该漏洞注入恶意数据,最终导致任意代码执行漏洞,其3.6.0最新版已修复该漏洞。3、在Referer处修改payload。1、漏洞发生是在会员登录页面。2、生成payload的脚本。
Action() { web_add_cookie("ECS_ID=d3a982c70109359a9e4b14c349b7a8f43fc01bb3; DOMAIN=192.168.77.133"); web_add_cookie("ECS[visit_times]=1; DOMAIN=192.168.77.133"); web_add_auto_header("Accept-Language", "zh-CN,zh;q=0.9"); web_url("ecshop", "URL=http://192.168.77.133/ecshop/", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=", "Snapshot=t1.inf", "Mode=HTML", EXTRARES, "Url=themes/default/images/topNavBg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/bg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/foucsBg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/NavBg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/box_2Bg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/h3title.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/bnt_search.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/lineBg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/catBg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/itemH2Bg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/topNavR.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/searchBg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/inputbg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=data/flashdata/dynfocus/data.js", ENDITEM, "Url=themes/default/images/helpTitBg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/logo1.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/footerLine.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/uh_bg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/bnt_ur_log.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/ur_bg.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, "Url=themes/default/images/ur_bg1.gif", "Referer=http://192.168.77.133/ecshop/themes/default/style.css", ENDITEM, LAST); web_url("bnt_log.gif", "URL=http://192.168.77.133/ecshop/user.php", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/", "Snapshot=t2.inf", "Mode=HTML", LAST); web_set_sockets_option("SSL_VERSION", "AUTO"); lr_think_time(15); web_submit_data("user.php", "Action=http://192.168.77.133/ecshop/user.php", "Method=POST", "TargetFrame=", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/user.php", "Snapshot=t3.inf", "Mode=HTML", ITEMDATA, "Name=username", "Value=test0042", ENDITEM, "Name=password", "Value=123456", ENDITEM, "Name=act", "Value=act_login", ENDITEM, "Name=back_act", "Value=http://192.168.77.133/ecshop/", ENDITEM, "Name=submit", "Value=", ENDITEM, LAST); web_url("诺基亚E66", "URL=http://192.168.77.133/ecshop/goods.php?id=9", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/", "Snapshot=t4.inf", "Mode=HTML", LAST); web_url("cron.php", "URL=http://192.168.77.133/ecshop/api/cron.php?t=1753254435", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/goods.php?id=9", "Snapshot=t5.inf", "Mode=HTML", EXTRARES, "Url=../themes/default/images/commentsBnt.gif", "Referer=http://192.168.77.133/ecshop/goods.php?id=9", ENDITEM, LAST); web_url("goods.php", "URL=http://192.168.77.133/ecshop/goods.php?act=price&id=9&attr=227&number=1&1753254436206206", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/goods.php?id=9", "Snapshot=t6.inf", "Mode=HTML", LAST); web_custom_request("flow.php", "URL=http://192.168.77.133/ecshop/flow.php?step=add_to_cart", "Method=POST", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/goods.php?id=9", "Snapshot=t7.inf", "Mode=HTML", "Body=goods={\"quick\":1,\"spec\":[\"227\"],\"goods_id\":7,\"number\":\"1\",\"parent\":0}", LAST); web_url("flow.php_2", "URL=http://192.168.77.133/ecshop/flow.php?step=cart", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/goods.php?id=9", "Snapshot=t8.inf", "Mode=HTML", LAST); web_url("checkout", "URL=http://192.168.77.133/ecshop/flow.php?step=checkout", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/flow.php?step=cart", "Snapshot=t9.inf", "Mode=HTML", LAST); web_url("flow.php_3", "URL=http://192.168.77.133/ecshop/flow.php?step=select_shipping&shipping=5&1753254446354354", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/flow.php?step=checkout", "Snapshot=t10.inf", "Mode=HTML", LAST); web_url("flow.php_4", "URL=http://192.168.77.133/ecshop/flow.php?step=select_payment&payment=1&1753254449555555", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/flow.php?step=checkout", "Snapshot=t11.inf", "Mode=HTML", LAST); web_url("flow.php_5", "URL=http://192.168.77.133/ecshop/flow.php?step=select_pack&pack=0&1753254451388388", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/flow.php?step=checkout", "Snapshot=t12.inf", "Mode=HTML", LAST); web_url("flow.php_6", "URL=http://192.168.77.133/ecshop/flow.php?step=select_card&card=0&1753254453200200", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/flow.php?step=checkout", "Snapshot=t13.inf", "Mode=HTML", LAST); web_url("flow.php_7", "URL=http://192.168.77.133/ecshop/flow.php?step=check_surplus&surplus=0&1753254455323323", "TargetFrame=", "Resource=0", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/flow.php?step=checkout", "Snapshot=t14.inf", "Mode=HTML", LAST); web_submit_data("flow.php_8", "Action=http://192.168.77.133/ecshop/flow.php?step=done", "Method=POST", "TargetFrame=", "RecContentType=text/html", "Referer=http://192.168.77.133/ecshop/flow.php?step=checkout", "Snapshot=t15.inf", "Mode=HTML", ITEMDATA, "Name=shipping", "Value=5", ENDITEM, "Name=payment", "Value=1", ENDITEM, "Name=pack", "Value=0", ENDITEM, "Name=card", "Value=0", ENDITEM, "Name=card_message", "Value=", ENDITEM, "Name=bonus", "Value=0", ENDITEM, "Name=bonus_sn", "Value=", ENDITEM, "Name=postscript", "Value=", ENDITEM, "Name=how_oos", "Value=0", ENDITEM, "Name=x", "Value=91", ENDITEM, "Name=y", "Value=20", ENDITEM, "Name=step", "Value=done", ENDITEM, LAST); return 0; } 在此代码中,为什么关联不到ECS_ID
最新发布
07-24
我们正在处理一个关于LoadRunner脚本中web_add_cookie设置的ECS_ID未被正确关联的问题。 根据用户提供的信息,我们需要分析可能的原因并提供解决方法。 引用[4]提到了LoadRunner的三大组件,其中VuGen用于编写...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值