
24 matches found

CNVD
added 2019/11/14 12:0 a.m. | 1 views

SQL Injection Vulnerability in LebiShop (Multi-language Online Shopping Mall System)

LebiShop is a free, fully open-source multilingual online shopping mall system that supports secondary development. It is developed with .NET 4.5 in the C language and uses SQL Server and MySQL databases. LebiShop has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive...

AI score: 7.6
Exploits: 0

CNVD
added 2019/11/14 12:0 a.m. | 2 views

Login Bypass Vulnerability in LebiShop (Multi-Language Online Shopping Mall System)

LebiShop is a free, fully open-source multilingual online shopping mall system that supports secondary development. It is developed with .NET 4.5 in the C language and uses SQL Server and MySQL databases. LebiShop has a login bypass vulnerability that can be exploited by an attacker to log in to the backend of t...

AI score: 7.4
Exploits: 0

CNVD
added 2016/05/09 12:0 a.m. | 2 views

LebiShop Mall Backend Arbitrary File Write Vulnerability

The LebiShop mall system is an online mall system built with ASP.NET. It is widely used by small and medium-sized e-commerce enterprises. The system's management backend provides a function for editing system template files; the page file parameters of this function have not been strict...

AI score: 6.9
Exploits: 0

CNVD
added 2016/05/09 12:0 a.m. | 3 views

LebiShop Mall Backend Arbitrary File Reading Vulnerability

The LebiShop mall system is an online mall system built with ASP.NET. It is widely used by small and medium-sized e-commerce enterprises. The system's management backend provides a function for editing system template files. The file parameter of this function's page is no...

AI score: 6.8
Exploits: 0

CNVD
added 2016/05/09 12:0 a.m. | 1 views

LebiShop Mall Log Unauthorized Access Vulnerability

The LebiShop mall system is an online mall system built with ASP.NET. It is widely used by small and medium-sized e-commerce enterprises. The payment-related log information of this mall system is stored in the Web directory and uses date commands, and the log files leak sensitive...

AI score: 6.5
Exploits: 0

CNVD
added 2016/05/09 12:0 a.m. | 1 views

LebiShop Mall Backend Select Skin Catalog Traversal Vulnerability

The LebiShop mall system is an online mall system built with ASP.NET. It is widely used by small and medium-sized e-commerce enterprises. The system's management backend provides a template management function; when editing the pages in a template, it provides the...

AI score: 6.9
Exploits: 0

CNVD
added 2016/05/09 12:0 a.m. | 1 views

LebiShop Mall Backend Template Arbitrary File Write Vulnerability

The LebiShop mall system is an online mall system built with ASP.NET. It is widely used by small and medium-sized e-commerce enterprises. The system's management backend provides a function to generate a template or a single page within a template, which can generate the...

AI score: 6.9
Exploits: 0

CNVD
added 2016/05/09 12:0 a.m. | 1 views

LebiShop Mall Backend Catalog Traversal Vulnerability

The LebiShop mall system is an online mall system built with ASP.NET. It is widely used by small and medium-sized e-commerce enterprises. The system's management backend provides a system template management function; the function in the system template to browse files related to...

AI score: 6.9
Exploits: 0

seebug.org
added 2016/03/08 12:0 a.m. | 18 views

LebiShop ajax/Ajax_order.aspx SQL Injection Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

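seebug.org
added 2015/04/20 12:0 a.m. | 25 views

Multiple Stored XSS Vulnerabilities in the LebiShop Online Store System

Brief description: Multiple stored XSS vulnerabilities in an online store system. Details: When posting a topic, a payload can be inserted in the title and in the content; it triggers directly on publishing and on click. Replies can also carry a payload. It triggers when a logged-in account visits the community, as can be seen at https:...

AI score: 7.1
Exploits: 0
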
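seebug.org
added 2015/03/11 12:0 a.m. | 26 views

LebiShop Mall System Getshell Without Login

Brief description: www.lebi.cn: over more than ten years, LebiShop has been adopted by a cumulative total of more than ten thousand small and medium-sized websites = = Demonstrated on the official demo. Details: Vulnerable file: http://demo.lebi.cn/ajax/imageuploadone.aspx. No authentication is required and the path parameter is controllable; here it is changed to path=../config.asp. The default path is upload. The vendor has restricted execution in the directory, but the upload directory can be bypassed. Getshell succeeded by exploiting the IIS parsing vulnerability. Proof of vulnerability: as shown in the figure...

AI score: 7.1
Exploits: 0
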
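seebug.org
added 2015/03/09 12:0 a.m. | 24 views

LebiShop System SQL Injection, Final Part (Two Injection Points)

Brief description: SQL injection in the latest version of the LebiShop mall system, tested successfully on the demo site; the last two injection points. Details: Injection 1: \onlinepay\wangyinzaixian\AutoReceive.aspx. The source code is as follows: protected void PageLoadobject sender, EventArgs e this.void = base.Request"void"; // not sanitized LebiOnlinePay onlinePay = Money.GetOnlinePaythis.void; // follow this call if onlinePay == null base.Response.Write"系统错误";...

AI score: 7.2
Exploits: 0
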
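seebug.org
added 2015/03/05 12:0 a.m. | 20 views

LebiShop System SQL Injection, Part 4 (Four Injection Points)

Brief description: SQL injection in the latest version of the LebiShop mall system, four injection points, tested successfully on the demo site. Details: Injections 1 and 2 share essentially the same vulnerable code: http://demo.lebi.cn/onlinepay/95epay/PayNotify.aspx http://demo.lebi.cn/onlinepay/95epay/PayResult.aspx The common source code is as follows: protected void PageLoadobject sender, EventArgs e this.MerNo = HttpContext.Current.Request.Params"MerNo".ToString; this.Bill...

AI score: 7.2
Exploits: 0
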
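seebug.org
added 2015/03/05 12:0 a.m. | 28 views

LebiShop System SQL Injection, Part 3 (Two Injection Points)

Brief description: SQL injection 2 in the latest version of the LebiShop mall system, four injection points, demonstrated on the official demo. Details: Injection 1: http://demo.lebi.cn/onlinepay/tenpayJSDZ/payNotifyUrl.aspx. The source code is as follows: protected void PageLoadobject sender, EventArgs e string where = base.Request"outtradeno"; // not sanitized LebiOrder model = BLebiOrder.GetModelwhere; // follow this call if model == null...

AI score: 7
Exploits: 0
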
seebug.org
added 2015/03/05 12:0 a.m. | 20 views

LebiShop System SQL Injection, Part 2 (Four Injection Points)

Brief description: SQL injection 2 in the latest version of the LebiShop mall system, four injection points, demonstrated on the official demo. Current version: V3.2.00. Update date: 2015-01-27. Details: Injection 1: LebiShop\onlinepay\dinpay\returnurl.aspx. The source code is as follows: protected void PageLoadobject sender, EventArgs e string str = base.Request.Form"merchantcode".ToString.Trim; string str2 = base.Request.Form"notifytype".ToString.Trim;...

AI score: 7.2
Exploits: 0

seebug.org
added 2015/03/05 12:0 a.m. | 19 views

LebiShop System SQL Injection, Part 1 (Four Injection Points)

Brief description: SQL injection in the latest version of the LebiShop mall system, four injection points, updated 2015-01-27. Details: First location: LebiShop\onlinepay\dinpay\notifyurl.aspx. The source code is as follows: protected void PageLoadobject sender, EventArgs e string str = base.Request.Form"merchantcode".ToString.Trim; string str2 = base.Request.Form"notifytype".ToString.Trim; string str3 =...

AI score: 7.2
Exploits: 0

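seebug.org
added 2015/01/27 12:0 a.m. | 15 views

Vulnerability Bundle for the Latest Version of the LebiShop Mall System

Brief description: A vulnerability bundle for the latest version of the LebiShop mall system, including arbitrary user password change, password reset, and direct database dumping through a certain interface. Details: Vulnerability bundle for the latest version of the LebiShop mall system. First, arbitrary user password change: neither changing the user login password nor changing the payment password verifies the original password. When sending the password-change request, simply iterating over the userid in the COOKIE is enough to change every user's password. The setpassword method in the shop.ajax.ajaxuserin file: // Shop.Ajax.Ajaxuserin public void SetPassword string PWD = RequestTool.RequestString"Password"; PWD ...

AI score: 7.1
Exploits: 0
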
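seebug.org
added 2015/01/27 12:0 a.m. | 31 views

Arbitrary User Login in the Latest Version of the LebiShop Mall System

Brief description: Arbitrary user login in the latest version of the LebiShop mall system. Details: The latest version of the LebiShop mall system, Powered by LebiShop V3.1.01, allows login as an arbitrary user. Tested on the official demos: http://plus.demo.lebi.cn/ (regular users and merchant users can register) and http://demo.lebi.cn/ (regular users can register). We use http://plus.demo.lebi.cn/ for testing. First we register a regular user 222222 and log in. Note the value of user in the COOKIE, id=37; this is the userid of user 222222...

AI score: 7.1
Exploits: 0
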
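seebug.org
added 2015/01/26 12:0 a.m. | 27 views

Design Flaw and Blind XSS Against the Backend in the Latest Version of the LebiShop Mall System

Brief description: Design flaw and blind XSS against the backend in the latest version of the LebiShop mall system. Details: The CAPTCHA in the latest version of the LebiShop mall system has a design flaw that allows the CAPTCHA to be ignored, plus stored XSS that blindly hits the backend. CAPTCHA design flaw: the LebiShop mall system has two CAPTCHA verification methods. 1. Directly checking whether the CAPTCHA submitted via POST equals the CAPTCHA in the COOKIE, as when a regular front-end user logs in: // Shop.Ajax.Ajaxuser public void UserLogin string verifycode = RequestTool.RequestString"verifycode"; string code =...

AI score: 7.3
Exploits: 0
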
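seebug.org
added 2015/01/26 12:0 a.m. | 20 views

Multiple SQL Injections in the Latest Version of the LebiShop Mall System, Part 7

Brief description: Multiple SQL injections in the latest version of the LebiShop mall system, part 7. Details: Multiple SQL injections in the latest version of the LebiShop mall system. These also require merchant account privileges. First register a regular user account, then apply to register a merchant account; merchant registration is open by default. The first place to look is the Shop.Supplier.Ajax.ajaxorder file. The methods with SQL injection are listed below in turn. BankDel method: // Shop.Supplier.Ajax.ajaxorder public void BankDel if !base.Power"supplierbanklist", "付款账号" base.AjaxNoPower; return;...

AI score: 7
Exploits: 0
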