ECSHOP mall system: lax filtering in flow.php leads to an SQL injection vulnerability

2010-05-18T00:00:00
ID MYHACK58:62201026956
Type myhack58
Reporter Anonymous
Modified 2010-05-18T00:00:00

Description

ECSHOP is a free, open source online store system. It is upgraded and maintained by a professional development team that provides timely and efficient technical support, and it can be customized to a business's own characteristics to add store features.

File flow.php

    ..................................
    elseif ($_REQUEST['step'] == 'update_cart')
    {
        if (isset($_POST['goods_number']) && is_array($_POST['goods_number']))
        {
            flow_update_cart($_POST['goods_number']);
        }
        show_message($_LANG['update_cart_notice'], $_LANG['back_to_cart'], 'flow.php');
        exit;
    }
    ...................................
    function flow_update_cart($arr)
    {
        /* Processing */
        foreach ($arr AS $key => $val)
        {
            // Only the value is forced to an integer; the key is used as submitted
            $val = intval(make_semiangle($val));
            if ($val <= 0)
            {
                continue;
            }
            // Query:
            $sql = "SELECT goods_id, goods_attr_id, product_id, extension_code FROM " . $GLOBALS['ecs']->table('cart') . " WHERE rec_id='$key' AND session_id='" . SESS_ID . "'";
            $goods = $GLOBALS['db']->getRow($sql);
    ........................................

The $_POST['goods_number'] variable is not filtered: its array keys ($key) are placed directly into the query as rec_id. When magic_quotes_gpc=off, this results in an SQL injection vulnerability.
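A hardened form of the lookup above, as an added example that is not ECSHOP code or a vendor patch: the array key is accepted only as a positive integer rec_id, and the query uses bound parameters. The function names, the PDO/SQLite setup, the reduced cart table and the sample data are all assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/** Keep only entries whose key is a positive integer rec_id and whose value is a quantity >= 1. */
function filter_goods_number(array $goodsNumber): array
{
    $clean = [];
    foreach ($goodsNumber as $key => $val) {
        // PHP converts canonical decimal keys ("12") to int; any other key stays a string.
        if (!is_int($key) || $key <= 0) {
            continue;
        }
        // Rejects arrays, non-numeric strings and values below 1.
        $qty = filter_var($val, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($qty !== false) {
            $clean[$key] = $qty;
        }
    }
    return $clean;
}

/** Same lookup as in flow_update_cart(), with rec_id and session_id bound instead of interpolated. */
function cart_rows_for_update(PDO $db, string $sessionId, array $goodsNumber): array
{
    $stmt = $db->prepare(
        'SELECT rec_id, goods_id FROM cart WHERE rec_id = :rec_id AND session_id = :sid'
    );
    $rows = [];
    foreach (filter_goods_number($goodsNumber) as $recId => $qty) {
        $stmt->execute([':rec_id' => $recId, ':sid' => $sessionId]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row !== false) {
            $rows[] = $row + ['new_qty' => $qty];
        }
    }
    return $rows;
}

// Constructed demo: in-memory table with one row per session.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart (rec_id INTEGER PRIMARY KEY, session_id TEXT, goods_id INTEGER)');
$db->exec("INSERT INTO cart VALUES (1, 'sess-a', 100), (2, 'sess-b', 200)");

// Constructed POST body: one valid entry, one non-numeric key, one row owned by another session.
$post = ['1' => '3', "1'x" => '9', '2' => '5', '7' => 'abc'];
print_r(cart_rows_for_update($db, 'sess-a', $post)); // only rec_id 1 is returned
```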

The vendor has not yet provided a patch or upgrade. Users of this software are advised to follow the vendor's home page to get the latest version: http://www.ecshop.com

Note: first published on Mr_Xhming's Blog