Multiple SQL Injection Vulnerabilities in Ecshop

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

The open-source online store system Ecshop contains multiple SQL injection vulnerabilities. Successful exploitation can give an attacker privileges over the store.

### Details:

flow.php

```
elseif ($_REQUEST['step'] == 'update_cart')
{
    if (isset($_POST['goods_number']) && is_array($_POST['goods_number']))
    {
        flow_update_cart($_POST['goods_number']);
    }
    show_message($_LANG['update_cart_notice'], $_LANG['back_to_cart'], 'flow.php');
    exit;
}
```

```
function flow_update_cart($arr)
{
    /* Process */
    foreach ($arr AS $key => $val)
    {
        $val = intval(make_semiangle($val));
        if ($val <= 0 && !is_numeric($key))
        {
            continue;
        }

        // Query:
        $sql = "SELECT `goods_id`, `goods_attr_id`, `product_id`, `extension_code` FROM" .$GLOBALS['ecs']->table('cart').
               " WHERE rec_id='$key' AND session_id='" . SESS_ID . "'";
        $goods = $GLOBALS['db']->getRow($sql);

        $sql = "SELECT g.goods_name, g.goods_number ".
               "FROM " .$GLOBALS['ecs']->table('goods'). " AS g, ".
               $GLOBALS['ecs']->table('cart'). " AS c ".
               "WHERE g.goods_id = c.goods_id AND c.rec_id = '$key'";
        $row = $GLOBALS['db']->getRow($sql);

        // Query: inventory is enabled, check whether the entered quantity is valid
        if...
```
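In the snippet above, the array key `$key` from `$_POST['goods_number']` is interpolated into both queries, and the `&&` guard skips an entry only when the quantity is non-positive and the key is non-numeric at the same time, so a non-numeric key with a positive quantity still reaches the SQL. The following added example (not ECShop's own code and not the vendor's fix) shows one way to validate the keys and bind the value instead. The function names, the PDO handle and the unprefixed `cart` table name are assumptions for illustration.

```php
<?php
// Added example, not ECShop code. Column names follow the snippet above;
// the function names, PDO handle and plain `cart` table name are assumed.

/** Keep only entries whose key is a decimal rec_id and whose value is a positive quantity. */
function filter_cart_update(array $goodsNumber): array
{
    $clean = [];
    foreach ($goodsNumber as $key => $val) {
        // PHP turns numeric-string array keys into ints, so normalise first.
        $key = (string) $key;
        if (!ctype_digit($key)) {
            continue;               // key is not purely digits: never reaches SQL
        }
        if (!is_scalar($val)) {
            continue;               // nested arrays are not quantities
        }
        $qty = (int) $val;
        if ($qty <= 0) {
            continue;               // either failed check rejects the entry
        }
        $clean[(int) $key] = $qty;
    }
    return $clean;
}

/** Look up a cart row with bound parameters instead of string interpolation. */
function fetch_cart_row(PDO $db, int $recId, string $sessionId)
{
    $stmt = $db->prepare(
        'SELECT goods_id, goods_attr_id, product_id, extension_code
           FROM cart
          WHERE rec_id = :rec_id AND session_id = :sid'
    );
    $stmt->execute([':rec_id' => $recId, ':sid' => $sessionId]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed sample input: one valid entry, one non-numeric key,
// one entry with a non-positive quantity.
$post = ['12' => '3', '12x' => '1', '15' => '0'];
var_dump(filter_cart_update($post));
```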
