Products and Manufacturers
Manufacturer's Official Website: https://www.jihainet.com/
FOFA Asset Mapping: icon_hash="715502892" || title="Jshop小程序商城"
Vulnerability Description
Jshop Mini Program Mall is an open-source e-commerce system that includes WeChat Mini Program, Alipay Mini Program, APP, Official Account, H5, PC, Douyin Mini Program, Toutiao Mini Program, Pipixia Mini Program, and Xigua Video Mini Program, providing excellent mobile e-commerce solutions for enterprises of all sizes.
Vulnerability Details: This product has an SQL injection vulnerability in its implementation, which attackers can exploit to obtain sensitive information from the database.
Example Vulnerable Sites
The following websites are confirmed to be running vulnerable versions of Jshop Mini Program Mall:
Vulnerability Exploitation
SQLMap Exploitation Example
This command demonstrates how to exploit the SQL injection vulnerability using SQLMap, a popular penetration testing tool.
Exploitation Evidence