B2Bbuilder v7.0.1 install.php 设计缺陷可无限制getshell

0x01漏洞简介 B2Bbuilder v7.0.1 在文件install.php处存在一个设计缺陷，导致可无限制getshell。 0x02漏洞详情 /install/install.php if$action == "setup" //检查参数是否完整 $dbhost = $GET'dbhost'; $port = $GET'port'; $dbname = $GET'dbname'; $dbuser = $GET'dbuser'; $dbpassword = $GET'dbpassword'; $tableprefix = $GET'tableprefix'; $guid =...

B2Bbuilder index.php?m=message&s=admin_message_list_savebox SQL注入漏洞

No description provided by source...

B2Bbuilder index.php?m=message&s=inquire SQL注入漏洞

No description provided by source...

B2Bbuilder index.php?m=message&s=admin_message_list_inbox SQL注入漏洞

No description provided by source...

B2Bbuilder index.php?m=buy&s=admin_buy&ajax=1 SQL注入漏洞

No description provided by source...

B2Bbuilder v6.10 ajax_back_end.php 文件 catid 参数SQL注入漏洞

No description provided by source...

SQL Injection Vulnerability in Latest Version of B2Bbuilder

B2Bbuilder is a PHP MySQL-based open source B2B e-commerce industry portal solution , using B2Bbuilder can be deployed to build B2B e-commerce industry websites , or local portals . B2Bbuilder latest version of the existence of SQL injection vulnerability, !empty$POST"cat"&&!empty$GET"id", $s is...

B2Bbuilder the latest version of the sql injection second-vulnerability warning-the black bar safety net

看 到 module\company\admin\businessinfolist.php PHP | 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 2 1 | ? php $status=array'-1'=langshow'notpass','0'=langshow'wpass','1'=langshow'auditpass'; ifisset$GET'step' if$GET'step'=="del" $db-query"delete from ". CERTIFICATION." where...

B2Bbuilder 7.0.1 /main.php SQL注入漏洞

No description provided by source...

B2Bbuilder 6.6 /includes/function.php SQL注入漏洞

No description provided by source...

B2Bbuilder 6.6 module/brand/detail.php SQL注入漏洞

No description provided by source...

B2BBuilder two injection+background arbitrary code execution exploit-vulnerability warning-the black bar safety net

1, The B2BBuilder head injection background arbitrary code execution The structure of the head test: x-forwarded-for:' andselect 1 fromselect count,concatselect select select concat0x7e,0x27,password,user,0x27,0x7e from b2bbuilderadmin limit 0,1 from informationschema. tables limit 0,1,floorrand0...

B2BBuilder recent vulnerability-vulnerability warning-the black bar safety net

1, The B2BBuilder head injection background arbitrary code execution The structure of the head test: 1 x-forwarded-for:' andselect 1 fromselect count,concatselect select select concat0x7e,0x27,password,user,0x27,0x7e from b2bbuilderadmin limit 0,1 from informationschema. tables limit...

b2bbuilder 6.6 /install/install.php 安全模式绕过

No description provided by source...

B2Bbuilder 6.6 /module/brand/brand_list.php SQL注入漏洞

No description provided by source...

b2bbuilder 6.6 /rewiew_detail.php SQL注入漏

No description provided by source...

B2Bbuilder 6.6 module/offer/oferr_list.php SQL注入漏洞

No description provided by source...

B2Bbuilder injection vulnerability+Exp+the default administrator account-vulnerability warning-the black bar safety net

The test version of the program is: B2Bbuilderv6. 6 http://www.site.com/?m=offer&s=offerlist&id=1 0 0 4+and%28select+1+from%28select+count%2 8%2 9%2Cconcat%2 8% 2 8 select+%28select+%28select+concat%280x27%2C0x7e%2Cb2bbuilderadmin. user,0x27,password %2C0x27%2C0x7e%2 9+from+%60b2bbuilder%6 0...