22 matches found
ShopNC mall system suffers from an override access vulnerability
Tianjin Netcity Tianchuang Technology Limited Liability Company is a company mainly engaged in computer software, electronic information technology, computer network technology development and other projects. ShopNC mall system has an override access vulnerability that can be exploited by attacke...
shopNC index.php parameter order SQL injection vulnerability
No description provided by source...
shopnc /circle/index.php groupbuy_order参数 SQL注入漏洞
No description provided by source...
shopnc /shop/index.php?act=member&op=address&inajax=1 sql注入漏洞(需要登录)
No description provided by source...
shopNC member_address.php SQL注入漏洞
No description provided by source...
shopnc /circle/index.php SQL注入漏洞
No description provided by source...
shopnc o2o版 3处 SQL注入漏洞
No description provided by source...
shopnc o2o版 index.php?act=payment&op=notify SQL注入漏洞
No description provided by source...
shopNC B2B版 /microshop/index.php处存在SQL注入漏洞
No description provided by source...
ShopNC删除任意用户信息(Demo演示)
简要描述: 通用 详细说明: 越权漏洞 漏洞证明: 账号A,账号B 在账号A修改截断,然后修改ID为账号B的ID 或者遍历都可以 后头来看账号A多了一个 而账号B的资料已经被删除 如果我们遍历ID那么 全站资料可以被删除...
Shopnc Software Backend Arbitrary Code Execution Vulnerability
ShopNC mall system is a set of multi-store mode mall system developed by Tianjin Netcity Tianchuang Technology Co. There is an arbitrary code execution vulnerability in the backend of shopnc software, due to the operation process did not check whether the content of the field of the advertising...
shopNC O2O系统任意文件删除漏洞
简要描述: 齐博齐博快确认,确认了我再送个0day shopNC的任意文件删除挺多的,我拿O2O系统来说明问题吧。 详细说明: /circle/control/cut.php 46行 / 图片裁剪 / public function piccutOp import'function.thumb'; if chksubmit $thumbwidth = $POST'x'; $x1 = $POST"x1"; $y1 = $POST"y1"; $x2 = $POST"x2"; $y2 = $POST"y2"; $w = $POST"w"; $h = $POST"h"; $scale =...
shopnc b2b /modules/microshop/index.php 任意文件删除漏洞
No description provided by source...
shopnc最新版存储型xss漏洞
简要描述: shopnc存储型xss漏洞 详细说明: shopnc版本测试http://www.shopnctest.com/c2c/2013/demo/ shopnc用户个人主页处存在存储型XSS,可以获取用户敏感cookie信息。 在买家首页,分享心情处 测试代码为:"alertdocument.cookie// cookie收信平台 "alertdocument.cookie/ 如图 漏洞证明: 如上描述...
E-Commerce system ShopNC multiple vulnerabilities can be combined with violence getshell-a vulnerability warning-the black bar safety net
Foreword ShopNC is a network city create want to the company's service to business customers in the e-Commerce system, based on PHP5 technology uses the MVC pattern development, this article describes shopnc multiple vulnerabilities combined,can be getshell a little violent-- ! Arbitrary file...
ShopNc 6.0 /index.php SQL注入漏洞
No description provided by source...
ShopNC一处信息泄露可导致任意用户订单泄露
简要描述: ShopNC在前台的用户隐私信息防护做得很好,但忽略了一处api的防护,导致漏洞产生 漏洞可直接获取包含用户订单详情的json字符串 详细说明: 使用官方商城做演示(http://www.shopnctest.com/c2c/2013/test/ 用户名shopnc 密码shopnc) url:http://www.shopnctest.com/c2c/2013/test/mobile/28aeb56bf14c9a5f826f8ad65bc6d7f0.php?commend=orderdetail&orderid=570 oderid变量可遍历 正确返回是这样的:...
shopnc 6.0 single-user version of the injection-vulnerability warning-the black bar safety net
shopnc 6.0 single-user version Shopnc version a little bit more yeah all the Don't remember which. ShopNC®Tianjin network-city science and Technology Co., Ltd. Copyright© 2007-2009 ShopNC, Powered by ShopNC Team , All Rights Reserved Jin ICP 备 0 8 0 0 0 1 7 No. 1 Baidu just a search one. This...
shopnc最新版一处csrf可刷关注
简要描述: 听说通用型漏洞有奖励! 详细说明: 点击关注,抓包,为get类型,变量为被关注的id。 测试地址,官方测试网站: http://www.multibuy.cn/index.php?act=membersnsfriend&op=find 漏洞证明: 。...
shopNC商城CMS SQL注入漏洞
简要描述: shopNC商城CMS注入漏洞,大量网站等着被脱裤子。 详细说明: 输入关键字,随便点击一个试一下 漏洞证明:...