shopex绕过补丁本地包含漏洞#4
简要描述: 360提交的漏洞,官方修复不严谨 详细说明: http://bbs.webscan.360.cn/forum.php?mod=viewthread&tid=8613&extra=page%3D1 修复前: 修复后(\core\api\shopapi.php): if isset$REQUEST'appname' $appName = pregreplace'/^a-z0-1/i', '', $REQUEST'appname'; elseif strpos$apiAct, ':' 0 // request plugin api list$appName, $apiAct =...