iwebshop Blind injection(二弹)

90_

作者：Joseph

\controllers\seller.php

[PHP] 纯文本查看 复制代码

public function goods_del()
        {
                //post数据
            $id = IFilter::act(IReq::get('id'));
 
            //生成goods对象
            $goods = new goods_class();
            $goods->seller_id = $this->seller['seller_id'];
 
            if($id)
                {
                        if(is_array($id))
                        {
                                foreach($id as $key => $val)
                                {
                                        $goods->del($val);
                                }
                        }
                        else
                        {
                                $goods->del($id);
                        }
                }
                $this->redirect("goods_list");
        }

还是一样的获取方式，跟入del看下

[PHP] 纯文本查看 复制代码

*/
public function del($goods_id)
{
        $goodsWhere = " id = {$goods_id} ";
        if($this->seller_id)
        {
                $goodsWhere .= " and seller_id = ".$this->seller_id;
        }
        //删除商品表
        $tb_goods = new IModel('goods');
        if(!$tb_goods ->del($goodsWhere))
        {
                return;
        }
}

继续跟入

[PHP] 纯文本查看 复制代码

*/
public function del($where)
{
        $where = (strtolower($where) == 'all') ? '' : ' WHERE '.$where;
        $sql   = 'DELETE FROM '.$this->tableName.$where;
        echo $sql;
        return $this->db->query($sql);
}

还是一样的漏洞原因,直接贴图




payload还是一弹的那个商铺可以权限可以采用爆破的方式或者通过xss

echotxl

nice work ，better work。。。。。。。。

q1076468651

新手路过

r00tc4

还是不错的哦，顶了

HUC-参谋长

还是不错的哦，顶了

ayang

wilist

还是不错的哦，顶了

ayang

学习学习技术，加油！

yusiii

还是不错的哦，顶了

菜鸟小羽

学习学习技术，加油！