5 matches found
Two local file inclusion vulnerabilities in the Ecshop admin backend
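Brief description: Throughout the whole program, a certain function is not filtered at all........ which leads to....... you guess......... asking for a gift. Detailed description: The first is in the \admin\integrate.php file (there are actually many more; I picked two representative ones and submitted them); code is submitted via POST without filtering. The second is in \admin\shipping.php; code is submitted via GET. Proof of vulnerability: I have a 2.php file in the root directory whose content is phpinfo. url:http://127.0.0.1/ec/admin/integrate.php?act=saveucconfig post:code=..%2F..%2F..%2F2...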
Local file inclusion vulnerability in the admin backend of the latest ecshop version 2.7.3
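Brief description: Local file inclusion vulnerability in the admin backend of the latest ecshop version 2.7.3. Detailed description: In the admin/integrate.php file, line 110: $code = empty($_GET['code']) ? '' : trim($_GET['code']); if (empty($code) || !file_exists(ROOT_PATH . DATA_DIR . '/integrate_' . $code . '_log.php')) sys_msg($_LANG['lost_intall_log'], 1); include(ROOT_PATH . DATA_DIR . '/integrate_' . $code . '_log.php'); 1. $code is not filtered ...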
ECShop PHP Code Execution
Securitylab.ir Application Info: Name: ecshop Version: 2.6.2 Website: http://www.ecshop.com Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: info@securitylabdotir & [email protected] =========================================================== :: integrate.php :: if...
ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities
Securitylab.ir Application Info: Name: ecshop Version: 2.6.2 Website: http://www.ecshop.com Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: info@securitylabdotir & [email protected]...
ECShop shop system <= V2.6.2: getting a webshell via the admin backend - vulnerability warning - the black bar safety net
ECSHOP is a free, open source online store system. It is upgraded and maintained by a professional development team that provides timely and efficient technical support, and you can also customize ECSHOP to your own business characteristics to add your own store features...