ShopEx: fix for an injection vulnerability is incomplete - Vulnerability Warning - Black Bar Safety Net

2015-03-15T00:00:00
ID MYHACK58:62201559937
Type myhack58
Reporter Anonymous
Modified 2015-03-15T00:00:00

Description

I saw this report on WooYun:

http://wooyun.org/bugs/wooyun-2014-088313

So I couldn't resist clicking it open, and found that the fix is incomplete.

Previously there appeared to be no protection at all. Now the parameter is wrapped in double quotes and parentheses for protection, so it becomes ("xxx"), but it can still be injected.

![2.png](http://hackdig-h.stor.sinaapp.com/pictures/month_1503/201503142342474804.png)

![1.png](http://hackdig-h.stor.sinaapp.com/pictures/month_1503/201503142342488716.png)

Proof of vulnerability:

![1.png](http://hackdig-h.stor.sinaapp.com/pictures/month_1503/201503142342488716.png)

Suggested fix:

Can't the injection just be fixed properly? Aggressive escaping or filtering would both be fine.
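
Why wrapping alone is not a fix, as an added example (not from the original report and not ShopEx code): a constructed SQLite table is queried once with the value wrapped in quotes and parentheses and once with a bound parameter. The table, function names and test value are assumptions; SQLite's single-quoted literals stand in for the double quotes described above, which MySQL also accepts as string delimiters.

```python
import sqlite3


def make_db():
    """Constructed in-memory table; this is not ShopEx's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def lookup_wrapped(db, name):
    """Incomplete fix: the value is wrapped in quotes and parentheses,
    but the quote character inside the value is never escaped."""
    sql = "SELECT name FROM members WHERE name IN ('" + name + "')"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, name):
    """Complete fix: the value is bound as a parameter, so the database
    never parses it as SQL, whatever characters it contains."""
    sql = "SELECT name FROM members WHERE name IN (?)"
    return [row[0] for row in db.execute(sql, (name,))]


# Constructed test value: it supplies its own closing quote and parenthesis,
# so the wrapper added by the application no longer encloses it.
BREAKOUT = "x') OR ('1'='1"


def compare():
    """Run a normal value and the breakout value through both lookups."""
    db = make_db()
    return {
        "wrapped_normal": lookup_wrapped(db, "alice"),
        "wrapped_breakout": lookup_wrapped(db, BREAKOUT),
        "bound_normal": lookup_bound(db, "alice"),
        "bound_breakout": lookup_bound(db, BREAKOUT),
    }


if __name__ == "__main__":
    for case, rows in compare().items():
        print(case, rows)
```

The wrapped lookup returns every row for the breakout value, while the bound lookup treats the same value as an ordinary string and returns nothing.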