easethink payment.php injection vulnerability analysis, with EXP usage attached - Vulnerability alerts - Black Bar Safety Net

2013-06-21T00:00:00
ID MYHACK58:62201339335
Type myhack58
Reporter Anonymous
Modified 2013-06-21T00:00:00

Description

Vulnerability author: leehenwu

01 Vulnerability analysis

The vulnerability is in the payment.php file:

    elseif($_REQUEST['act']=='return')
    {
        // payment jump back to page
        $class_name = $_REQUEST['class_name'];
        // $class_name comes straight from the request and is concatenated
        // into the SQL string below without escaping or validation
        $payment_info = $GLOBALS['db']->getRowCached("select * from ".DB_PREFIX."payment where class_name = '".$class_name."'");
        if($payment_info)
        {
            require_once APP_ROOT_PATH."system/payment/".$payment_info['class_name']."_payment.php";
            $payment_class = $payment_info['class_name']."_payment";
            $payment_object = new $payment_class();
            $payment_code = $payment_object->response($_REQUEST);
        }
        else
        {
            showErr($GLOBALS['lang']['PAYMENT_NOT_EXIST']);
        }
    }
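
A hardened form of the lookup above, as an added example that is not easethink's own code. It assumes PDO is available: an in-memory SQLite database with a constructed `payment` table stands in for the application's `$GLOBALS['db']`, and `find_payment()` is a hypothetical helper name.

```php
<?php
// Added example: hardened lookup for the act=return branch.
// Assumptions: PDO + SQLite replace the application's $GLOBALS['db'];
// find_payment() and the sample rows are constructed for illustration.

function find_payment(PDO $db, $class_name): ?array
{
    // 1. Allow-list the shape of the identifier before it is used anywhere.
    //    The value later becomes part of a file name and a class name, so
    //    only letters, digits and underscore are accepted, and arrays
    //    (class_name[]=x) are refused outright.
    if (!is_string($class_name)
        || !preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,31}\z/', $class_name)) {
        return null;
    }

    // 2. Bind the value instead of concatenating it into the SQL text.
    $stmt = $db->prepare('SELECT * FROM payment WHERE class_name = :class_name');
    $stmt->execute([':class_name' => $class_name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Constructed test data, held in memory only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE payment (id INTEGER PRIMARY KEY, class_name TEXT, name TEXT)');
$db->exec("INSERT INTO payment (class_name, name) VALUES ('Alipay', 'Alipay gateway')");

// Constructed request values: a well-formed name, a name carrying a quote,
// an array value, and a well-formed name with no matching row.
$samples = ['Alipay', "Alipay'", ['Alipay'], 'Unknown'];

foreach ($samples as $value) {
    $row = find_payment($db, $value);
    printf(
        "%-14s => %s\n",
        json_encode($value),
        $row ? 'found ' . $row['class_name'] : 'rejected or not found'
    );
}
```

Because the name is validated before the query runs, the `require_once` path and the `new $payment_class()` call that follow in payment.php would only ever see a value that matches the allow-list and exists in the table.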
