Shulou(Shulou.com)05/31 Report--

ECShop SQL injection arbitrary code execution vulnerability reproduction is how, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

ECShop is a B2C independent online store system, which is suitable for enterprises and individuals to quickly build personalized online stores. The system is a cross-platform open source program developed based on PHP language and MYSQL database framework.

In 2017 and previous versions, there is a SQL injection vulnerability that can inject malicious data and eventually lead to arbitrary code execution vulnerabilities. The vulnerability has been fixed since version 3.6.0

Affected version: Ecshop 2.x Ecshop 3.x-3.6.0

The following is only for vulnerability recurrence record and implementation, and the utilization process is as follows:

I. Construction of loophole environment

The reproduction environment is built with vulhub. Execute the following command to build the platform.

Cd vulhub/ecshop/xianzhi-2017-02-82239600 /

Docker-compose up-d

Open port 8080 (version 2.7.3) and port 8081 (version 3.6.0) after execution

Fill in the mysql address with mysql,mysql account and password as root, and fill in the database name at will, but the database name of 2.7.3 and 3.6.0 cannot be the same.

After installation, access to the following figure

Version 2.7.3

Version 3.6.0

Vulnerability link: http://192.168.101.152:8080/ http://192.168.101.152:8081/

Second, the recurrence of loopholes

There is an exploit script on vulhub. Copy it and put it into the code debugging function of the seay tool and then execute it to get poc.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.