ecshop 2.7.3 /flow.php login bypass vulnerability

Published: 2025-04-13
Revised: 2025-04-13

<p>Affected file: flow.php, starting at line 188<br></p><pre class="">elseif ($_REQUEST['step'] == 'login')
{
    include_once('languages/'. $_CFG['lang']. '/user.php');

    /*
     * User login and registration
     */
    if ($_SERVER['REQUEST_METHOD'] == 'GET')
    .....
    else
    {
        include_once('includes/lib_passport.php');
        if (!empty($_POST['act']) &amp;&amp; $_POST['act'] == 'signin')
        {
            $captcha = intval($_CFG['captcha']);
            if (($captcha &amp; CAPTCHA_LOGIN) &amp;&amp; (!($captcha &amp; CAPTCHA_LOGIN_FAIL) || (($captcha &amp; CAPTCHA_LOGIN_FAIL) &amp;&amp; $_SESSION['login_fail'] &gt; 2)) &amp;&amp; gd_version() &gt; 0)
            {
                if (empty($_POST['captcha']))
                {
                    show_message($_LANG['invalid_captcha']);
                }

                /* Check the CAPTCHA */
                include_once('includes/cls_captcha.php');

                $validator = new captcha();
                $validator-&gt;session_word = 'captcha_login';
                if (!$validator-&gt;check_word($_POST['captcha']))
                {
                    show_message($_LANG['invalid_captcha']);
                }
            }

            if ($user-&gt;login($_POST['username'], $_POST['password'],isset($_POST['remember'])))
            {
                .....
            }...
</pre>

No exploit or PoC is currently available.
There are currently 0 affected product records.