Recently, the 3 6 0 Web sites[security testing]()platform exclusive discover the online store system ECShop Alipay plug-in the presence of high-risk 0day vulnerability. Hackers can use a[SQL injection]()to bypass the system to limit access to the web data, and then implement the“drag library”steal site information. Due to ECShop with e-Commerce is closely related, involving online money transactions, once the vulnerability is a wide range of use, will result in serious consequences. For this, 3 6 0 in the first time to ECShop informed the vulnerability details and assist in the launch of the official fix patch. 3 6 0 Web sites[security testing]()platform Services Web: http://webscan.360.cn ECShop is a popular B2C online built Station system, many foreign well-known enterprises and personal users are using ECShop build the electricity supplier website. It is reported, 3 6 0 the discovery of the vulnerability exists in all versions of the ECShop system, a large number of e-Commerce websites face is dragged in the library of the risk. ! [](/Article/UploadPic/2013-2/2 0 1 3 2 1 9 1 4 4 5 1 7 6 1 0. png) Figure 1: the hacker can use the str_replace function to bypass the single quote limit implementation[SQL injection]() Data 3 6 0 security engineers to analyze the emergence of the ECShop system[SQL injection]()vulnerability exists in the/includes/modules/payment/alipay. php file, the file is ecshop Alipay plugin.! [](/Article/UploadPic/2013-2/2013219144518933.gif)! [](/Article/UploadPic/2013-2/2013219144518933.gif)due to ECShop to use the str_replace function to do the string replacement, the hacker can bypass the single quote limit structure[SQL injection]()statement. Simply open the PayPal payment plugin will be able to use this vulnerability to obtain web data, and does not need to register to login. GBK and UTF-8 version ECshop are the presence of this vulnerability. ! [](/Article/UploadPic/2013-2/2 0 1 3 2 1 9 1 4 4 5 1 8 5 6 4. png) Figure 2: Structure of a SQL statement you can query the admin user password Currently, ECShop official website has released the official hotfix. 3 6 0 Web sites[security testing]()platform is also the first time to the registered user to send an alarm message to remind users as soon as possible, patching, prevent hackers drag library attack. At the same time, 3 6 0 the safety engineer recommends that the site administrator and individual webmasters use 3 6 0 Web sites[security testing]()platform to the site to conduct a comprehensive physical examination, to grasp the site's security status, and the use of 3 6 0 site Guard Defense hacked. Temporary solution: **[1] [[2]](<37397_2.htm>) [next](<37397_2.htm>)**