Update ecshop-sqli.yaml
parent
6c76c6f99c
commit
30d4f20b7e
|
@ -1,10 +1,10 @@
|
||||||
id: ecshop-sqli
|
id: ecshop-sqli
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Ecshop SQLi
|
name: ECShop 2.x/3.x SQL Injection
|
||||||
author: Lark-lab,ImNightmaree,ritikchaddha
|
author: Lark-lab,ImNightmaree,ritikchaddha
|
||||||
severity: high
|
severity: high
|
||||||
description: A vulnerability in Ecshop allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field.
|
description: The vulnerability affects ECShop 2.x and 3.x versions allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field,and later via SQL injection vulnerability to malicious code injected into the dangerous eval function in order to achieve arbitrary code execution.
|
||||||
reference:
|
reference:
|
||||||
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
|
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
|
||||||
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
|
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
|
||||||
|
|
Loading…
Reference in New Issue