15 matches found
ShopWind SQL Injection Vulnerability
ShopWind is B2B2C and O2O e-commerce system software from the Chinese company ShopWind, built as a deep refactoring on the Yii 2.0 framework. ShopWind 3.4.2 and earlier versions have a SQL injection vulnerability; attackers can use the vulnerability to execute illegal SQL commands to steal sensitive data fro...
SQL Injection Vulnerability in LifeTone O2O System of Hefei Pishi Internet Information Technology Co.
LifeTone O2O is a comprehensive O2O system for building localized life services. The LifeTone O2O system from Hefei Pishi Internet Information Technology Co., Ltd has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Fanwe O2O /mapi/Lib/core/common.php sensitive information disclosure
No description provided by source...
Fanwe O2O system: admin back-end privilege-bypass vulnerability leaks users' detailed addresses
No description provided by source...
Fanwe O2O commercial system ajaxModule.class.php SQL injection vulnerability
No description provided by source...
shopnc o2o edition: 3 SQL injection vulnerabilities
No description provided by source...
shopnc o2o edition index.php?act=payment&op=notify SQL injection vulnerability
No description provided by source...
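DaMall mall system httphandler/getdata.ashx SQL injection vulnerability
0x01 Framework introduction: Mall website construction - damall multi-function mall site-building system, supporting the B2C2C and O2O models... The DaMall mall site-building system is developed on the powerful .NET enterprise platform and accommodates the business characteristics and extension needs of multiple industries and models. Official homepage: http://www.bg68.com 0x02 Vulnerability details: Vulnerable page: http://mall.bg68.com/httphandler/getdata.ashx Parameter: brandid Some user cases: http://mall.hicay.com/httphandler/getdata.ashx http://w16.cxecs.com/httphandler/getdata.ash...
Fanwe O2O commercial system: SQL injection vulnerability in the POST parameter topic_id at index.php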
No description provided by source...
Takeaway O2O App security analysis: technical details from the App vulnerability assessment platform - vulnerability warning - the black bar safety net
Swept along by the tide of mobile Internet and O2O, the takeaway market is gradually entering the white-collar segment; with the three BAT giants throwing money at cultivating the market, white-collar workers have to change their eating habits. As long as it is imprisoned in the white collar does not substantially ...
Automotive service O2O is raging; who is paying attention to product safety? - vulnerability warning - the black bar safety net
As of April 2015, the number of motor vehicles in our country has reached 2.64 million vehicles; facing an automotive after-market approaching the trillion level, all kinds of automotive service O2O platforms are competing to rise; in 2014 the O2O automotive after-market field...
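Fanwe o2o system full edition CSRF worm (gaining followers by spreading the worm) #4
Brief description: A complete CSRF worm for the Fanwe o2o system that gains followers by spreading the worm; here is my approach no. 4, all 4 are generic. Fanwe is a conscientious vendor; I don't need the gift, just treat me to a bowl of instant noodles! Detailed description: Proof of vulnerability: None...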
Fanwe O2O commercial system SQL injection vulnerability + XXE entity injection (verified on demo)
Brief description: RT Detailed description: Fanwe O2O, demo site address: http://o2odemo.fanwe.net/ /cpapi/qxtapi.php define"FILEPATH","/cpapi"; requireonce '../system/systeminit.php'; $ip = CLIENTIP; $xml = filegetcontents'php://input'; if$ip!='221.179.180.156' || $xml=="" header"Content-Type:text/html; charset=utf-8"; echo "·Ç·¨·ÃÎÊ";...
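shopNC O2O system arbitrary file deletion vulnerability
Brief description: Qibo, Qibo, confirm quickly; once it's confirmed I'll send another 0day. shopNC has quite a lot of arbitrary file deletions; I'll use the O2O system to illustrate the problem. Detailed description: /circle/control/cut.php line 46 / Image cropping / public function piccutOp import'function.thumb'; if chksubmit $thumbwidth = $POST'x'; $x1 = $POST"x1"; $y1 = $POST"y1"; $x2 = $POST"x2"; $y2 = $POST"y2"; $w = $POST"w"; $h = $POST"h"; $scale =...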
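Fanwe O2O city life services platform backdoor arbitrary file upload vulnerability (getshell on official site demo)
Brief description: There don't seem to be many users, but basically all of them have this backdoor file. Detailed description: Backdoor file path /esfile.php Official introduction http://www.fanwe.com/o2o Front-end demo address: http://o2o.fanwe.net/ Member account: fanwe Password: fanwe http://o2o.fanwe.net/index.php?ctl=uccenter Upload an image trojan at the share feature; use F12 to remove the size, which gives the image trojan address http://o2o.fanwe.net/public/comment/201404/17/10/1acafed8eeffa043489a4321b877e36690.jpg Getshell...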