ECSHOP 后台sql注入漏洞2枚(鸡肋)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: ECSHOP 后台注入漏洞 ### 详细说明: ``` admin/affiliate_ck.php if ($_REQUEST['act'] == 'list') { $logdb = get_affiliate_ck(); $smarty->assign('full_page', 1); $smarty->assign('ur_here', $_LANG['affiliate_ck']); $smarty->assign('on', $separate_on); function get_affiliate_ck() { $affiliate = unserialize($GLOBALS['_CFG']['affiliate']); empty($affiliate) && $affiliate = array(); $separate_by = $affiliate['config']['separate_by']; $sqladd = ''; if (isset($_REQUEST['status'])) { $sqladd = ' AND o.is_separate = ' . (int)$_REQUEST['status']; $filter['status'] = (int)$_REQUEST['status']; } if (isset($_REQUEST['order_sn'])) { $sqladd = ' AND o.order_sn LIKE \'%' . trim($_REQUEST['order_sn']) . '%\''; $filter['order_sn'] = $_REQUEST['order_sn']; } if (isset($_GET['auid'])) { ``` 漏洞2: ``` admin/agency.php if ($_REQUEST['act'] == 'list') { $smarty->assign('ur_here', $_LANG['agency_list']); $smarty->assign('action_link', array('text' => $_LANG['add_agency'], 'href' => 'agency.php?act=add'));...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息