Update ecshop-sqli.yaml

patch-1
Ritik Chaddha 2022-05-19 00:51:53 +05:30 committed by GitHub
parent 6c76c6f99c
commit 30d4f20b7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

View File

@ -1,10 +1,10 @@
id: ecshop-sqli id: ecshop-sqli
info: info:
name: Ecshop SQLi name: ECShop 2.x/3.x SQL Injection
author: Lark-lab,ImNightmaree,ritikchaddha author: Lark-lab,ImNightmaree,ritikchaddha
severity: high severity: high
description: A vulnerability in Ecshop allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field. description: The vulnerability affects ECShop 2.x and 3.x versions allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field,and later via SQL injection vulnerability to malicious code injected into the dangerous eval function in order to achieve arbitrary code execution.
reference: reference:
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a - https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html - https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html