20 matches found
XpShop Mall System Vulnerability in Shenzhen Xinpu Software Development Co.
Shenzhen Xinpu Software Development Co., Ltd. is a website-building company whose core business is e-commerce system development. The company's XpShop mall system has an unauthorized access vulnerability, which attackers can exploit to obtain sensitive information...
xpshop preview.aspx SQL injection
No description provided by source...
xpshop comorder.aspx SQL injection
No description provided by source...
xpshop AutoComplete.aspx SQL injection
No description provided by source...
xpshop memberlostpass.aspx SQL injection
No description provided by source...
xpshop comorder.aspx SQL injection
No description provided by source...
xpshop myrefund.aspx SQL injection
No description provided by source...
xpshop CheckOut.aspx SQL injection
No description provided by source...
xpshop ajax.aspx AreaName parameter SQL injection
No description provided by source...
xpshop online store system xpshop.webui.Show SQL injection
Vulnerable location xpshop.webui.Show: private void GetImgstring pids ProductDB productDB = new ProductDB; DataTable thumbnailImg = productDB.GetThumbnailImgpids; thumbnailImg.TableName = "Products"; base.Response.WriteXpShopJson.DtToJSONthumbnailImg; This is the problematic function. I won't write up how I traced into it; it is just pageload. In a moment I'll simply test it with a payload, on the official site's demo....
xpshop online store system SQL injection (demo demonstration)
Brief description: Detailed description: Vulnerable location: xpshop.webui.MyRefund protected void PageLoadobject sender, EventArgs e if Utils.requestbase.Request.QueryString"type" && Utils.requestbase.Request.QueryString"Action" string text = base.Request.QueryString"Action"; if text != null if !text == "GetImg" if text == "GetPackageGID"...
xpshop online store system SQL injection (official site demo demonstration)
Brief description: Detailed description: Vulnerable location: xpshop.webui.MyRefund protected void PageLoadobject sender, EventArgs e if base.CurrentUser == null string str = "Login.aspx?ReturnUrl=/" + WebUIBase.ShopFolder + "MyRefund.aspx"; base.Response.Redirect"/" + WebUIBase.ShopFolder + str; else if base.CurrentUser.Name == "anonymous"...
xpshop online store system SQL injection
Brief description: Detailed description: Vulnerable location: xpshop.webui.MemberLostpass protected void btnSendClickobject sender, EventArgs e this.btnSend.Enabled = false; if int.ParseUtils.GetTableValues"Member", "CountMemberID", "Name", this.txtAccount.Text.Trim, " And Email = '" + this.txtEmail.Text.Trim + "'".ToString == 0...
xpshop online store system SQL injection, 3 bundled
Brief description: This is the second installment Detailed description: Vulnerable location: XpShop.WebUI.AutoComplete protected void PageLoadobject sender, EventArgs e string input = this.GetInput; if input == "" base.Response.WriteUtils.ShowMsg"非法调用!"; else base.Response.Writethis.GetProductNameinput; base.Response.End; Following into this function, GetProductName: private string...
xpshop system, one blind SQL injection
Brief description: Detailed description: Vulnerable location: xpshop.webui.checkout protected void PageLoadobject sender, EventArgs e this.sid = Utils.ReqIntParams"sid", -1; if base.CurrentUser == null base.Response.Redirectstring.Concatnew object "Login.aspx?ReturnUrl=/", WebUIBase.ShopFolder, "Checkout.aspx?sid=", this.sid ; else string...
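xpshop online store system arbitrary file upload vulnerability
Brief description: Detailed description: Official site: http://www.xpshop.cn Official demo site: http://enframe.xpshop.cn/ User center, add scene. Files of any format can be uploaded directly; upload a one-line webshell. Proof of vulnerability: RS...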
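xpshop mall management system stored XSS, can blind-hit the admin backend #2 (demo demonstration + works in all browsers)
Brief description: xss Detailed description: http://wooyun.org/bugs/wooyun-2015-0101571/trace/72e031e551be9369419de37fb75f49cb Continuing. First go to the demo address and register an account: http://etp.xpshop.cn/ Then pick any item and add it to the shopping cart. After everything has been submitted, we view the order directly. There is a message field; in the message field insert: "/ After returning and viewing the order, the popup fires successfully. https://images.seebug.org/upload/201503/152211316698d18a588feb3a397b...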
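xpshop mall management system stored XSS, can blind-hit the admin backend (demo demonstration + works in all browsers)
Brief description: xss Detailed description: WooYun: xpshop mall management system stored XSS, can blind-hit the admin backend. Continuing on. First go to the demo address and register an account: http://etp.xpshop.cn/ Then pick any item and add it to the shopping cart. There is an order note here; we insert the XSS statement: "/ Then submit; it reports that the submission succeeded. Next, after clicking to view the order, the popup fires successfully. https://images.seebug.org/upload/201503/15212340546e8f2f021b77...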
XPSHOP Shopping Mall system vulnerabilities-vulnerability warning-the black bar safety net
XPSHOP Shopping Mall system vulnerabilities. I accidentally found this loophole.. the vendor doesn't know about it yet... I haven't published it anywhere else.. This vulnerability is bad... it lets one directly change other people's administrator password!! A little bit wicked!!!... But for the sake of our networ...
XPSHOP mall system Cookies spoofing vulnerability
No description provided by source. http://www.hackeye.com/article/5496/...