Wolves Security Team

Unfortunately no one can be told what W.S.T is - you have to see it for yourself.

#1 2009-03-22 13:07:55

puret_t
Administrator
Registered: 2008-10-05
Posts: 86

ECMall local file inclusion vulnerability

by Ryat
http://bbs.wolvez.org

respond.php, line 48

$pay_code = !empty($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
...
$plugin_file = ROOT_PATH . '/includes/payment/' . $pay_code . '.php';
if (is_file($plugin_file))
{
    include_once($plugin_file);

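A very obvious bug.
For exploitation, you can refer to an idea flyh4t mentioned [http://bbs.wolvez.org/topic/56/]:

You can get a shell through another site hosted on the same server, then write a main.php into the /tmp directory, and then include it.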
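
A hardened form of the plugin lookup quoted from respond.php, as an added example that is not part of the original post and not ECMall's own code. The function name `resolve_payment_plugin()`, the sample plugin `alipay` and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added example, not ECMall code. resolve_payment_plugin() and the
// sample plugin name are hypothetical.

// Map a request-supplied payment code to a plugin file, or return null.
// The code only reaches include_once() after matching a strict pattern,
// the list of installed plugins, and a containment check on the real path.
function resolve_payment_plugin(string $payment_dir, $code): ?string
{
    // 1. Reject arrays (code[]=x) and anything but a short identifier:
    //    no '/', '\', '.', NUL byte or whitespace can get through.
    if (!is_string($code) || !preg_match('/\A[a-z0-9_]{1,32}\z/', $code)) {
        return null;
    }
    // 2. Allowlist: only plugin files that actually exist in the directory.
    $installed = array_map(
        fn($p) => basename($p, '.php'),
        glob($payment_dir . '/*.php') ?: []
    );
    if (!in_array($code, $installed, true)) {
        return null;
    }
    // 3. Defence in depth: the resolved path (symlinks followed) must
    //    still be inside the plugin directory.
    $base = realpath($payment_dir);
    $real = realpath($payment_dir . '/' . $code . '.php');
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed fixture: a throwaway plugin directory plus a file outside it.
$root = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/includes/payment', 0700, true);
file_put_contents($root . '/includes/payment/alipay.php', "<?php // sample plugin\n");
file_put_contents($root . '/main.php', "<?php // file outside the plugin dir\n");

// Constructed inputs: one valid code, then values the lookup must refuse.
$inputs = ['alipay', '../../main', "alipay\0", 'ALIPAY', ['alipay'], ''];
foreach ($inputs as $in) {
    $path = resolve_payment_plugin($root . '/includes/payment', $in);
    printf("%-16s => %s\n", json_encode($in), $path === null ? 'rejected' : 'include ' . basename($path));
}
```

In respond.php the returned path would replace `$plugin_file`, with the request aborted when the function returns null.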

#2 2009-03-22 17:10:00

flyh4t
Administrator
Registered: 2008-10-06
Posts: 89

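Re: ECMall local file inclusion vulnerability

:)  This code looks so familiar. It is very similar to an old phpcms bug, and it is even the same file.

Haha, could it be that a lot of developers borrow from each other?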

#3 2009-03-23 23:06:33

q1ur3n
Administrator
Registered: 2008-10-05
Posts: 52

Re: ECMall local file inclusion vulnerability

Hehe, it is not there in ECshop.
