[Official Bounty] CNVD-2020-27169 (Bounty level: Medium)

CNVD ID

CNVD-2020-27169

Severity

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

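Affected products

Shanxi Niuku Information Technology Co., Ltd. B2C Single-Merchant Mall System 2.3

Vulnerability description

The B2C Single-Merchant Mall System is an open-source PHP e-commerce system designed and developed in-house by Shanxi Niuku Information Technology Co., Ltd.

The B2C Single-Merchant Mall System has an SQL injection vulnerability that an attacker can exploit to obtain sensitive database information.

Remediation

The vendor has not yet provided a fix for this vulnerability. Watch the vendor's home page for updates: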
https://www.niushop.com.cn

Bounty date

2020.5.12

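Bounty type

Official bounty

Bounty question

The specific details of this vulnerability

How to claim the bounty

Post a vulnerability analysis of this vulnerability in the forum's [Bounty Details] board

Bounty points

3 wine coins (酒币)

Bounty status

Unresolved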

2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getAdminUserInfo(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Auth.php:316:11141 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getNoticeTemplateType(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Config.php:1836:70469 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getNoticeTemplateItem(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Config.php:1879:72523 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->updatePromoterLevel(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Distribution.php:470:18236 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->updatePartnerLevel(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Distribution.php:1110:42554 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsCategoryListByParentId(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:337:13507 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:564:24305 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsCategoryListByParentId(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:719:30177 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteRecycleGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:741:30760 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsCategoryListByParentId(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:814:34054 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsCategoryTree(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:954:40721 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsCategoryListByParentId(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:971:41482 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteGoodsCategory(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:1023:43927 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteGoodsGroup(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:1291:54018 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteGoodsSpec(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:1511:61598 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteGoodsSpecValue(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:1524:61956 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getAttributeServiceDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:1634:66123 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->regainGoodsDeleted(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:1923:76675 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->copyGoodsInfo(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Goods.php:1935:76966 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Login.php:121:3892 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoodsExpressDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:213:8006 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderPrint(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:228:8484 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:247:9123 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:312:11963 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:343:13582 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:399:15546 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderInfo(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:452:17549 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderComplete(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:473:18146 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:497:18832 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:503:19265 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:519:19810 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:525:20222 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:574:22065 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderInfo(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:575:22130 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsRefundAskfor(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:662:25914 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsCancel(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:679:26508 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsRefuseForever(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:732:28433 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsRefuseOnce(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:749:29007 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsConfirmRefund(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:791:30800 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getAddress(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:942:35831 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Order.php:1872:68800 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteSystemModule(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/System.php:218:8943 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->updateWebBlock(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/System.php:1156:44678 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getWebBlockDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/System.php:1190:46665 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->setWebBlockIsBlock(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/System.php:1260:49319 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getProductPatch(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Upgrade.php:194:7673 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteWeixinMenu(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Wchat.php:327:11192 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->deleteWeixinMediaDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Wchat.php:517:18789 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsSkuListPrice(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Goods.php:323:13241 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsSkuListPrice(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Goods.php:355:14612 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsSkuListPrice(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Goods.php:386:15912 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Goods.php:1229:48701 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Goods.php:1297:51187 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:153:5862 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:237:8855 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:554:20984 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->qqLogin(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:896:33517 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:997:37666 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:1124:43176 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:1131:43539 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:656:25089 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:691:26383 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsCancel(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:1763:73729 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:2188:90392 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:2189:90454 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:2226:91955 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:2227:92017 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsRefundAskfor(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:2405:98764 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:2898:118443 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Member.php:2960:121106 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:377:18601 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsRefundAskfor(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:415:20116 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/BaseController.php:391:17434 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getUserInfoByUid(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/CustomTemplate.php:89:3412 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsCoupon(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:175:6916 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->addGoodsBrowse(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:186:7410 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:581:22707 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:1239:48298 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsList(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:1348:52001 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsCoupon(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:1488:57869 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->addGoodsBrowse(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:1499:58363 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getUserInfoByUid(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Index.php:128:4679 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:253:10613 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:259:11050 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->wchatBindMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:281:11814 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->qqLogin(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:513:21917 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->wchatUnionLogin(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:572:25248 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:666:29217 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->qqLogin(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:679:29996 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:724:31601 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:727:31789 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:729:31956 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->wchatBindMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:737:32273 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:853:36685 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:855:36773 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:1338:57363 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->updateUserImg(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:1491:62424 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->login(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:1523:63599 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:1651:69220 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Login.php:1658:69579 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1305:60038 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1306:60100 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderGoods(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1401:64087 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1402:64149 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderGoodsRefundAskfor(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1661:73438 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getOrderDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:2281:100109 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->onlinePay(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Pay.php:369:14722 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->onlinePay(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Pay.php:380:15526 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->backReceive(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Pay.php:536:21672 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderPaymentUserBalance(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Pay.php:615:24930 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->addPromotionMansong(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Promotion.php:462:17468 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->updatePromotionMansong(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Promotion.php:485:18454 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->addPromotiondiscount(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Promotion.php:583:22389 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->updatePromotionDiscount(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Promotion.php:603:23281 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getMemberDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Member.php:353:12282 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getMemberDetail(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/admin/controller/Member.php:428:15082 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:279:10327 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->registerMember(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Login.php:286:10621 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreate(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:73:2879 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreatePresell(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:122:5583 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreateVirtual(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:212:10464 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreateComboPackage(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:259:12845 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreatePointExhange(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:308:15815 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->getGoodsListByConditions(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Goods.php:768:30208 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreate(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:963:43543 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreatePresell(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1014:46526 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreateVirtual(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1060:48886 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreateComboPackage(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1108:51331 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->orderCreatePointExhange(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:1157:54278 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->groupBuyOrderCreate(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/shop/controller/Order.php:167:8306 is probably vulnerable.(Trace Graph at )
2020-05-12 19:41:55 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->groupBuyOrderCreate(); at /Users/maple/Downloads/php-test2/niushop_b2c_mf2.3/application/wap/controller/Order.php:2039:89981 is probably vulnerable.(Trace Graph at )

I haven't audited them, but the first one seems to be it :)

1 Like

Master, that's seriously impressive!

Did you implement the tool you're using yourself? That's pretty awesome.

Yes, it's still experimental. I originally wanted to post it on the forum, but my boss said no, so there's nothing I can do.

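A lot of it is still experimental. PHP's syntax is very flexible (read: nasty =), and nobody in China has built a good one either. I used some fairly interesting algorithms; recently I've paused to see how well it works, test things, and find problems!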

2 Likes

So it's written in Go. I need to write a thesis soon and I'm also planning to do some research in this direction.

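Right, mine is written in Go. It's an application of PL, in the static analysis area. I did a lot of preparation up front; compiler theory is indispensable, and I also casually studied some PL theory.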

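Parsing with php-parser should be fine; implementing AST parsing yourself is a lot of work. I previously wrote a helper tool in Python for finding deserialization exploit chains, and implementing the parsing myself would have been too hard, so I later used some open-source AST parsing libraries, which weren't very friendly to newer frameworks and libraries. My feeling is that doing the audit in PHP together with php-parser might work better, since it's the native language after all.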

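It's best to set a goal first, because you can't check for every type of vulnerability: SQL, file inclusion, file upload, command execution, or higher-level logic flaws. You can pick specific ones to target. I've read some papers on PHP detection and none of them stood out, mainly because PHP's syntax is too flexible, PHP has too many built-in environment variables (functions, standard classes), and so on. One of the papers shocked me: it actually converted PHP to C and used LLVM for detection. That is damn obviously a filler paper; when I tried to open the website for its phptoc tool, it was gone.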

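If you target PHP 7.4, it could work out well, because it has a complete new PHP typed feature that greatly reduces the dynamic behavior and is close to Java's strong typing. If you get interested in Java later, you could try that too. There are a lot of papers on static analysis of Java; PHP is relatively niche by comparison.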

1 Like

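Heh, my project is named php-parser as a tribute to the PHP-language php-parser, but it doesn't actually use it. That one is indeed very strong, no question. Analyzing on the AST still doesn't work that well, though; it's best to translate into your own IR, which is in fact what I do. But the translation isn't complete yet, so right now there's both the AST and my own IR.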

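Implementing it entirely yourself, that's amazing 👍 Once it's done you could package it as a commercial product; there's quite a market for it.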

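That's just wishful thinking. There isn't a good PHP static analysis application in China, or even in the world. And right now this project is entirely a one-person effort; I'm just continually trying new things and summing up what I learn!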

2 Likes