ECShop V2.7.3 GBK release1106 injection 0day and fix - vulnerability warning - the black bar safety net

2012-12-27T00:00:00
ID MYHACK58:62201236409
Type myhack58
Reporter 佚名
Modified 2012-12-27T00:00:00

Description

C0deplay Team j8g

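Look at the code. This is the branch that handles the "edit profile" form; in the lines shown, each field is read from $_POST with at most trim() applied, so any escaping has to happen elsewhere: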

/* Modify personal information */

elseif ($action == ‘act_edit_profile’)

{

the include_once(ROOT_PATH . ‘includes/lib_transaction.php’);

$birthday = trim($_POST['birthdayYear']) .’-’. trim($_POST['birthdayMonth']) .’-’.

trim($_POST['birthdayDay']);

$email = trim($_POST['email']);

$other['msn'] = $msn = isset($_POST['extend_field1']) ? trim($_POST['extend_field1']) : ”;

$other['qq'] = $qq = isset($_POST['extend_field2']) ? trim($_POST['extend_field2']) : ”;

$other['office_phone'] = $office_phone = isset($_POST['extend_field3']) ? trim($_POST['extend_field3']) : ”;

$other['home_phone'] = $home_phone = isset($_POST['extend_field4']) ? trim($_POST['extend_field4']) : ”;

$other['mobile_phone'] = $mobile_phone = isset($_POST['extend_field5']) ? trim($_POST['extend_field5']) : ”;

$sel_question = empty($_POST['sel_question']) ? ” From : $_POST['sel_question'];

$passwd_answer = isset($_POST['passwd_answer']) ? trim($_POST['passwd_answer']) : ”;

/* Update the user extension field data */

$sql = ‘SELECT id FROM ‘ . $ecs->table(‘reg_fields’) . ‘ WHERE type = 0 AND display = 1 ORDER BY dis_order, id’; //read out all of the extended field id

$fields_arr = $db->getAll($sql);

foreach ($fields_arr AS $val) //loop to update extended user information
