WooYun.org

杭州珍诚网络科技有限公司官网:http://www.zc511.com/
说明一下这个注入很鸡肋。需要注册才能注入。而且还是Get请求。
这是一个购物车里产生的漏洞。
看案例如下：
http://www.zjrrt.com/addProductShoppingCart.do?amount=1&productID=248926 注册的账号ceshi123456 123456
http://www.smdyf.cn/addProductShoppingCart.do?amount=1&productID=148596 注册的账号ceshi123456 123456
http://www.ewj2009.com/addProductShoppingCart.do?amount=1&productID=248926
http://www.46buy.com/addProductShoppingCart.do?amount=1&productID=248926
http://www.hnjbyy.cn/addProductShoppingCart.do?amount=1&productID=248926
http://www.hnlbxdyf.com/addProductShoppingCart.do?amount=1&productID=248926
http://test.gxjjls.com/addProductShoppingCart.do?amount=1&productID=248926
http://test.hzyibai.com/addProductShoppingCart.do?amount=1&productID=248926
说明一下.我就注册了两个。其他的都存在这样的问题。比较麻烦而已。
请看productID=248926这个参数。后面的值一定注意。必须是药店商品的值,而且必须有货。我演示一下

2.然后我们这个连接http://www.smdyf.cn/addProductShoppingCart.do?amount=1&“productID=148596” 这里就是上面的那个值了。
我就测试一个注入。
1.测试注入：http://www.smdyf.cn/addProductShoppingCart.do?amount=1&productID=148596
抓的包如下：
GET /addProductShoppingCart.do?amount=1&productID=148596 HTTP/1.1
Host: www.smdyf.cn
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=C0AF0179A41F860AEE9DF67784D013E9; pgv_pvi=4297144320; pgv_si=s1353802752; jiathis_rdc=%7B%22http%3A//www.smdyf.cn/getProductInfo.do%3FproductId%3D148357%22%3A-163299437%2C%22http%3A//www.smdyf.cn/getProductInfo.do%3FproductId%3D149908%22%3A-163215445%2C%22http%3A//www.smdyf.cn/getProductInfo.do%3FproductId%3D149901%22%3A-163211192%2C%22http%3A//www.smdyf.cn/product/149921%22%3A-163206448%2C%22http%3A//www.smdyf.cn/product/149917%22%3A-163202082%2C%22http%3A//www.smdyf.cn/product/149920%22%3A-163198263%2C%22http%3A//www.smdyf.cn/getProductInfo.do%3FproductId%3D149921%22%3A-163192592%2C%22http%3A//www.smdyf.cn/getProductInfo.do%3FproductId%3D149758%22%3A0%7C1417176019794%2C%22http%3A//www.smdyf.cn/getProductInfo.do%3FproductId%3D148596%22%3A%220%7C1417176031359%22%7D; hisProduct=%5B%7B%22reURL%22%3A%22http%3A%2F%2Fwww.smdyf.cn%2FgetProductInfo.do%3FproductId%3D148357%22%2C%22imageURL%22%3A%22http%3A%2F%2Ftest.smdyf.cn%2Fproduct_small_pic%2Fs1172.jpg%22%2C%22title%22%3A%22%E8%82%A4%E7%97%92%E9%A2%97%E7%B2%92%22%2C%22price%22%3A%2225.20%22%7D%2C%7B%22reURL%22%3A%22http%3A%2F%2Fwww.smdyf.cn%2FgetProductInfo.do%3FproductId%3D149908%22%2C%22imageURL%22%3A%22http%3A%2F%2Ftest.smdyf.cn%2Fproduct_small_pic%2Fs44630.jpg%22%2C%22title%22%3A%22%E6%B1%A4%E8%87%A3%E5%80%8D%E5%81%A5%E6%B6%B2%E4%BD%93%E9%92%99%E8%BD%AF%E8%83%B6%E5%9B%8A%22%2C%22price%22%3A%2298.00%22%7D%2C%7B%22reURL%22%3A%22http%3A%2F%2Fwww.smdyf.cn%2FgetProductInfo.do%3FproductId%3D149901%22%2C%22imageURL%22%3A%22http%3A%2F%2Ftest.smdyf.cn%2Fproduct_small_pic%2Fs3417.jpg%22%2C%22title%22%3A%22%E6%B1%A4%E8%87%A3%E5%80%8D%E5%81%A5%E7%BB%B4%E7%94%9F%E7%B4%A0C%22%2C%22price%22%3A%22118.00%22%7D%2C%7B%22reURL%22%3A%22http%3A%2F%2Fwww.smdyf.cn%2FgetProductInfo.do%3FproductId%3D149921%22%2C%22imageURL%22%3A%22http%3A%2F%2Ftest.smdyf.cn%2Fproduct_small_pic%2Fs3456.jpg%22%2C%22title%22%3A%22%E6%B4%8B%E5%8F%82%E5%90%AB%E7%89%87(%E5%BA%B7%E5%AF%8C%E6%9D%A5)%22%2C%22price%22%3A%228.40%22%7D%2C%7B%22reURL%22%3A%22http%3A%2F%2Fwww.smdyf.cn%2FgetProductInfo.do%3FproductId%3D149758%22%2C%22imageURL%22%3A%22http%3A%2F%2Ftest.smdyf.cn%2Fproduct_small_pic%2Fs3077.jpg%22%2C%22title%22%3A%22%E5%AE%9D%E6%B6%A6%E9%80%9A%E5%86%B2%E5%89%82%22%2C%22price%22%3A%2230.00%22%7D%2C%7B%22reURL%22%3A%22http%3A%2F%2Fwww.smdyf.cn%2FgetProductInfo.do%3FproductId%3D148596%22%2C%22imageURL%22%3A%22http%3A%2F%2Ftest.smdyf.cn%2Fproduct_small_pic%2Fs11859.jpg%22%2C%22title%22%3A%22%E6%84%9F%E5%86%92%E7%81%B5%E9%A2%97%E7%B2%92%22%2C%22price%22%3A%225.50%22%7D%5D; CNZZDATA3425515=cnzz_eid%3D1063865882-1417175881-%26ntime%3D1417175881