1 ######################### Securitylab.ir ########################
2 # Application Info:
3 # Name: ecshop
4 # Version: 2.6.2
5 # Website: http://www.ecshop.com
6 #################################################################
7 # Discoverd By: Securitylab.ir
8 # Website: http://securitylab.ir
9 # Contacts: info@securitylab[dot]ir & K4mr4n_st@yahoo.com
10 #################################################################
11 #===========================================================
12 # :: integrate.php ::
13 #
14 # if ($_REQUEST[’act’] == ’sync’)
15 # {
16 # $size = 100;
17 # ......
18 # $tasks = array();
19 # if ($task_del > 0)
20 # {
21 # $tasks[] = array(’task_name’=>sprintf($_LANG[’task_del’], $task_del),’task_status’=>’<span id="task_del">’ . $_LANG
[’task_uncomplete’] . ’<span>’);
22 # $sql = "SELECT user_name FROM " . $ecs−>table(’users’) . " WHERE flag = 2";
23 # $del_list = $db−>getCol($sql);//$del_list
24 # }
25 # if ($task_rename > 0)
26 # {
27 # $tasks[] = array(’task_name’=>sprintf($_LANG[’task_rename’], $task_rename),’task_status’=>’<span id="task_rename">’
. $_LANG[’task_uncomplete’] . ’</span>’);
28 # $sql = "SELECT user_name, alias FROM " . $ecs−>table(’users’) . " WHERE flag = 3";
29 # $rename_list = $db−>getAll($sql);//$rename_list
30 # }
31 # if ($task_ignore >0)
32 # {
33 # $sql = "SELECT user_name FROM " . $ecs−>table(’users’) . " WHERE flag = 4";
34 # $ignore_list = $db−>getCol($sql);//$ignore_list
35 # }
36 # ....
37 # $fp = @fopen(ROOT_PATH . DATA_DIR . ’/integrate_’ . $_SESSION[’code’] . ’_log.php’, ’wb’);
38 # $log = ’’;
39 # if (isset($del_list))
40 # {
41 # $log .= ’$del_list=’ . var_export($del_list,true) . ’;’;
42 # }
43 # if (isset($rename_list))
44 # {
45 # $log .= ’$rename_list=’ . var_export($rename_list, true) . ’;’;
46 # }
47 # if (isset($ignore_list))
48 # {
49 # $log .= ’$ignore_list=’ . var_export($ignore_list, true) . ’;’;
50 # }
Page 1/2
ecshop 2.6.2 Multiple Remote Command Execution Vulnerabilities
Securitylab.ir
05/29/2009
51 # fwrite($fp, $log);
52 # fclose($fp);