ecshop最新版 (v272) 本地包含拿SHELL
直接看代码: js/calendar.php $lang = (!empty($_GET['lang'])) ? trim($_GET['lang']) : ‘zh_cn’;//没有过滤,很明显的包含漏洞 if (!file_exists(‘../languages/’ . $lang . ‘/calendar.php’)) { $lang = ‘zh_cn’; } require(dirname...
直接看代码: js/calendar.php $lang = (!empty($_GET['lang'])) ? trim($_GET['lang']) : ‘zh_cn’;//没有过滤,很明显的包含漏洞 if (!file_exists(‘../languages/’ . $lang . ‘/calendar.php’)) { $lang = ‘zh_cn’; } require(dirname...