shop7z 注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: shop7z 注入漏洞 ### 详细说明: ``` Advsearchadmin.asp kindnum=trim(request("kindnum")) pipai=trim(request("pipai")) model=trim(request("model")) productname=trim(request("productname")) price11=trim(request("price11")) price12=trim(request("price12")) price21=trim(request("price21")) price22=trim(request("price22")) if price11="" then price11="0" if price12="" then price12="9999999" if price21="" then price21="0" if price22="" then price22="9999999" sqlcon=" where pkid>0 and updown='1' " if kindnum<>"" then sqlcon = sqlcon &" and kind like '"&kindnum&"%' "//都没过滤 end if if pipai<>"" then sqlcon = sqlcon &" and pipai like '%"&pipai&"%' " end if if model<>"" then sqlcon = sqlcon &" and model like '%"&model&"%' " end if if productname<>"" then sqlcon = sqlcon &" and productname like '%"&productname&"%' " end if sql="select pkid,model,productname,smallpicpath,price1,price"&session("customkind")&",kindname,pipai,addtime from view_product "&sqlcon&" order by pkid desc" 'response.write...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息