shopex the latest version front an unexpected SQL injection vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201340435
Type myhack58
Reporter blue
Modified 2013-09-06T00:00:00


shopex code The core of the place to do the encryption process, to find loopholes just need a little imagination, such as thisSQL injection...

Exists in the user registry(can't think of the location?)

/core/shop/controller/ctl.passport.php 2 6 7 row

if( !$ info = $account->create($_POST,$message) ) {


  1. See 1, think there is no possible$account->create is foreach the $_POST structure of sql statements?

  2. Look at the data table structure:


Decisive when it is submitted$_POST Riga into the member_id of the test(actually the test I also tried mobile, etc., Hey, just pick up the useful field), and then have the following diagram:



When the Insert is removed member_id, traversing the splicing sql statement or pay more attention to the point it ~