90_ 发表于 2015-4-1 14:34:18

iwebshop Blind injection(二弹)

作者:Joseph

\controllers\seller.php
public function goods_del()
        {
                //post数据
            $id = IFilter::act(IReq::get('id'));
 
            //生成goods对象
            $goods = new goods_class();
            $goods->seller_id = $this->seller['seller_id'];
 
            if($id)
                {
                        if(is_array($id))
                        {
                                foreach($id as $key => $val)
                                {
                                        $goods->del($val);
                                }
                        }
                        else
                        {
                                $goods->del($id);
                        }
                }
                $this->redirect("goods_list");
        }
还是一样的获取方式,跟入del看下
*/
public function del($goods_id)
{
        $goodsWhere = " id = {$goods_id} ";
        if($this->seller_id)
        {
                $goodsWhere .= " and seller_id = ".$this->seller_id;
        }
        //删除商品表
        $tb_goods = new IModel('goods');
        if(!$tb_goods ->del($goodsWhere))
        {
                return;
        }
}
继续跟入
*/
public function del($where)
{
        $where = (strtolower($where) == 'all') ? '' : ' WHERE '.$where;
        $sql   = 'DELETE FROM '.$this->tableName.$where;
        echo $sql;
        return $this->db->query($sql);
}
还是一样的漏洞原因,直接贴图




payload还是一弹的那个商铺可以权限可以采用爆破的方式或者通过xss

echotxl 发表于 2015-4-3 00:14:15

nice work ,better work。。。。。。。。

q1076468651 发表于 2015-5-16 08:05:39

新手路过

r00tc4 发表于 2015-6-28 03:12:35

还是不错的哦,顶了

HUC-参谋长 发表于 2015-6-28 11:48:29

还是不错的哦,顶了

ayang 发表于 2015-6-28 14:35:28

wilist 发表于 2015-6-29 00:17:41

还是不错的哦,顶了

ayang 发表于 2015-6-29 19:24:20

学习学习技术,加油!

yusiii 发表于 2015-6-30 08:57:13

还是不错的哦,顶了

菜鸟小羽 发表于 2015-6-30 15:31:45

学习学习技术,加油!
页: [1]
查看完整版本: iwebshop Blind injection(二弹)