ECSHOP cross-site+background file contains=Getshell-a vulnerability warning-the black bar safety net

2013-08-05T00:00:00
ID MYHACK58:62201340082
Type myhack58
Reporter viekst
Modified 2013-08-05T00:00:00

Description

Brief description:

See focus on the application there Ecshop came..

Detailed description:

0x1 the member Center to add the out of stock registry linkman parameters in the background to view in detail when not to do the encoding,leading to cross-site..

0x2 ecshop background integrate. php file from the 8th row 0 from the basic is a file that contains..

You can access

http://localhost:8 0 8 2/ECShop_V2. 7. 3/admin/integrate. php? act=install&code=../../../../ECShop_V2. 7. 3/data/feedbackimg/6_20130506toqbvy. txt%0 0

To contain our files,but requires background privileges,truncate it against your own character..

0x3 we combine one two in the comments of the upload of a text file,through cross-site allow the administrator to access the files it contains can getshell...

Vulnerability proof:

!

!

Repair solutions:

Fix the background of the Cross-Station and file contains..