Lucene search
K

20 matches found

CNVD
CNVD
added 2019/09/02 12:0 a.m.1 views

XpShop Mall System Vulnerability in Shenzhen Xinpu Software Development Co.

Shenzhen Xinpu Software Development Co., Ltd. is an e-commerce system development as the core of the station-building company. Shenzhen Xinpu Software Development Co., Ltd XpShop mall system has an override access vulnerability, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.13 views

xpshop preview.aspx SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.16 views

xpshop comorder.aspx SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.14 views

xpshop AutoComplete.aspx sql注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.22 views

xpshop memberlostpass.aspx SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.18 views

xpshop comorder.aspx SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.16 views

xpshop myrefund.aspx SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.24 views

xpshop CheckOut.aspx SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/11 12:0 a.m.14 views

xpshop ajax.aspx AreaName参数 SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/10 12:0 a.m.23 views

xpshop网店系统 xpshop.webui.Show SQL 注入

漏洞位置xpshop.webui.Show: private void GetImgstring pids ProductDB productDB = new ProductDB; DataTable thumbnailImg = productDB.GetThumbnailImgpids; thumbnailImg.TableName = "Products"; base.Response.WriteXpShopJson.DtToJSONthumbnailImg; 这里是问题函数,我就不写怎么跟进来的,就是pageload,等下直接用payload测试就好了,官网demo的。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/23 12:0 a.m.19 views

xpshop网店系统sql注入(demo演示)

简要描述: 详细说明: 漏洞位置:xpshop.webui.MyRefund protected void PageLoadobject sender, EventArgs e if Utils.requestbase.Request.QueryString"type" && Utils.requestbase.Request.QueryString"Action" string text = base.Request.QueryString"Action"; if text != null if !text == "GetImg" if text == "GetPackageGID"...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2015/10/23 12:0 a.m.139 views

xpshop网店系统sql注入(官网demo演示)

简要描述: 详细说明: 漏洞位置:xpshop.webui.MyRefund protected void PageLoadobject sender, EventArgs e if base.CurrentUser == null string str = "Login.aspx?ReturnUrl=/" + WebUIBase.ShopFolder + "MyRefund.aspx"; base.Response.Redirect"/" + WebUIBase.ShopFolder + str; else if base.CurrentUser.Name == "anonymous"...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2015/10/22 12:0 a.m.26 views

xpshop网店系统sql注入

简要描述: 详细说明: 漏洞位置:xpshop.webui.MemberLostpass protected void btnSendClickobject sender, EventArgs e this.btnSend.Enabled = false; if int.ParseUtils.GetTableValues"Member", "CountMemberID", "Name", this.txtAccount.Text.Trim, " And Email = '" + this.txtEmail.Text.Trim + "'".ToString == 0...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2015/10/15 12:0 a.m.20 views

xpshop网店系统sql注入3枚打包

简要描述: 这是第二发 详细说明: 漏洞位置:XpShop.WebUI.AutoComplete protected void PageLoadobject sender, EventArgs e string input = this.GetInput; if input == "" base.Response.WriteUtils.ShowMsg"非法调用!"; else base.Response.Writethis.GetProductNameinput; base.Response.End; 跟进这个函数GetProductName: private string...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/15 12:0 a.m.16 views

xpshop系统sql盲注一处

简要描述: 详细说明: 漏洞位置:xpshop.webui.checkout protected void PageLoadobject sender, EventArgs e this.sid = Utils.ReqIntParams"sid", -1; if base.CurrentUser == null base.Response.Redirectstring.Concatnew object "Login.aspx?ReturnUrl=/", WebUIBase.ShopFolder, "Checkout.aspx?sid=", this.sid ; else string...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/04/16 12:0 a.m.30 views

xpshop网店系统任意文件上传漏洞

简要描述: 详细说明: 官方:http://www.xpshop.cn 官方demo站:http://enframe.xpshop.cn/ 用户中心,添加场景。直接上传任意格式文件,上传一句话 漏洞证明: RS...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/20 12:0 a.m.36 views

xpshop商城管理系统储存型XSS,可盲打后台#2(demo演示+浏览器通杀)

简要描述: xss 详细说明: http://wooyun.org/bugs/wooyun-2015-0101571/trace/72e031e551be9369419de37fb75f49cb 继续额 先来到demo演示地址注册个账号:http://etp.xpshop.cn/ 然后随便选个东西加入购物车 等全部提交完以后我们直接查看订单 有个留言,在留言的地方插入:"/ 返回后查看订单成功弹窗 https://images.seebug.org/upload/201503/152211316698d18a588feb3a397b...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/20 12:0 a.m.36 views

xpshop商城管理系统储存型XSS,可盲打后台(demo演示+浏览器通杀)

简要描述: xss 详细说明: WooYun: xpshop商城管理系统储存型XSS,可盲打后台 继续来 首先来到demo演示地址注册个账号:http://etp.xpshop.cn/ 然后随便选个东西加入购物车 这里有个订单附言,我们插入XSS语句:"/ 然后提交,提示提交成功 接下来点击查看订单后,成功弹窗 https://images.seebug.org/upload/201503/15212340546e8f2f021b77...

7.1AI score
Exploits0
myhack58
myhack58
added 2008/11/06 12:0 a.m.20 views

XPSHOP Shopping Mall system vulnerabilities-vulnerability warning-the black bar safety net

XPSHOP Shopping Mall system vulnerabilities Accidentally found this loophole..official now also don't know...I'm not elsewhere in the published Oh.. This vulnerability is bad...to the straight pull change people the administrator password!! A little bit wicked!!!... But for the sake of our networ...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2008/11/06 12:0 a.m.14 views

XPSHOP商城系统Cookies欺骗漏洞

No description provided by source. http://www.hackeye.com/article/5496/...

7.1AI score
Exploits0
Rows per page
Query Builder