【Oday】shopex 注入 0day (4.8.5)

  • A+
所属分类:lcx

作者:俺是农村的
QQ:332876777

coreinclude_v5shopCore.php

public function shopCore( )
{
         parent::kernel( );
         if ( isset( $_POST['spgdif'] ) )
         {
                 $this->spgdif( );  //进入函数  By:俺是农村的
                 exit( );
         }
     ............................
}
public function spgdif( )
{
         include_once( CORE_DIR."/func_ext.php" );
         if ( $_POST['session'] && $_POST['query'] && $_POST['sign'] )   //没任何过滤  QQ:332876777
         {
                 if ( md5( $_POST['query'].$_POST['session']."shopex_stats" ) == $_POST['sign'] )  //MD5 验证,我们可以自己控制。
                 {
                         $cert = $this->loadModel( "service/certificate" );
                         if ( $data = $cert->session_vaild( $_POST['session'] ) )
                         {
                                 $this->fetchdata( $_POST['query'] );
                         }
                 ..........................
public function fetchdata( $params )
{
         $params = unserialize( $params );
         $sql = "SELECT ";
         foreach ( $params['fields'] as $key => $value )
         {
                 $sql .= $value['method']."(".$value['name'].")";
                 if ( $value['alias'] )
                 {
                         $sql .= " as ".$value['alias'];  //代入sql  By:小翔
                 }
                 $sql .= ",";
         }
         $sql = substr( $sql, 0, -1 );
         $sql .= " FROM ".$params['tbl']." ";
     ...............
         $db = $this->database( );
         ob_start( );
         $data = $db->select( $sql );
         ob_end_clean( );
         if ( $data )
         {
                 echo json_encode( array(
                         "res" => "succ",
                         "data" => $data  //没任何干扰,全部显示出来!(人品好了点。) By:俺是农村的
                 ) );
         }
         else
         {
                 echo json_encode( array(
                         "res" => "fail",
                         "data" => $sql
                 ) );
         }
}

Exp下载:http://www.uudisc.com/user/nuclearatk/file/3143746

文章来源于lcx.cc:【Oday】shopex 注入 0day (4.8.5)

相关推荐: 【Html】Body 设置网页、页面背景、文字颜色

Html Body 设置网页、页面背景、文字颜色: 背景颜色: 文字颜色:     Html Body 设置网页、页面背景、文字颜色,Html Body 设置网页背景、文字颜色,Html Body 设置页面背景、文字颜色,Html Body 设置网页背景颜色,…

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: