Update ecshop-sqli.yaml

patch-1
Ritik Chaddha 2022-05-19 00:51:53 +05:30 committed by GitHub
parent 6c76c6f99c
commit 30d4f20b7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

@ -1,10 +1,10 @@
id: ecshop-sqli
info:
name: Ecshop SQLi
name: ECShop 2.x/3.x SQL Injection
author: Lark-lab,ImNightmaree,ritikchaddha
severity: high
description: A vulnerability in Ecshop allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field.
description: The vulnerability affects ECShop 2.x and 3.x versions allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field,and later via SQL injection vulnerability to malicious code injected into the dangerous eval function in order to achieve arbitrary code execution.
reference:
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
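
Review bot: The new `description` line does not read as a sentence and should be reworded before merge. "affects ECShop 2.x and 3.x versions allows" is missing a conjunction, "inject arbitrary SQL statements into via" has a stray "into", "field,and" lacks a space after the comma, and the clause about the eval function is hard to parse. Something like "ECShop 2.x and 3.x allow remote unauthenticated users to inject arbitrary SQL statements via the 'Referer' header field; the injected data then reaches a dangerous eval function, leading to arbitrary code execution." would say the same thing. Separately, the description now claims arbitrary code execution while `severity: high` is unchanged and the new `name` still says only "SQL Injection". Please confirm that the severity and name match the impact now described, and that the description does not claim more than the template's requests and matchers (not visible in this hunk) actually verify.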