Ecshop\u63d0\u4f9b\u4e86\u5bc6\u7801\u627e\u56de\u529f\u80fd\uff0c\u4f46\u662f\u6574\u4e2a\u5bc6\u7801\u627e\u56de\u6d41\u7a0b\u4e2d\u5b58\u5728\u4e00\u4e9b\u8bbe\u8ba1\u4e0a\u7684\u5b89\u5168\u9690\u60a3<\/p>\n
\r\n1<\/span><\/span>. Ecshop\u7a0b\u5e8f\u4f7f\u7528\u4e86MD5\u4e0d\u53ef\u9006\u52a0\u5bc6\u7b97\u6cd5\uff0c\u4f46\u662f\u8ba1\u7b97\u5bc6\u6587\u7684\u751f\u6210\u5143\u7d20\u90fd\u6709\u53ef\u4ee5\u5f88\u8f7b\u6613\u5730\u88ab\u9ed1\u5ba2\u62ff\u5230\r\n<\/span>\/*<\/span>\r\nif<\/span> (md5($adminid<\/span> . $password<\/span>) <> $code<\/span>)\r\n1<\/span>. $adminid<\/span>: \u9ed1\u5ba2\u663e\u5f0f\u6307\u5b9a\r\n2<\/span>. $password<\/span>: \u66b4\u529b\u679a\u4e3e\r\n<\/span>*\/<\/span><\/span>\r\n\r\n2<\/span><\/span>. \u5bf9\u91cd\u590d\u5931\u8d25\u6b21\u6570\u6ca1\u6709\u505a\u9650\u5236<\/pre>\n 1. \u6f0f\u6d1e\u89e6\u53d1\u6761\u4ef6<\/span><\/h4>\n HTTP Package Repeater<\/p>\n
2 \u6f0f\u6d1e\u5f71\u54cd\u8303\u56f4<\/p>\n
\r\n1<\/span>. ecshop 2.7<\/span>.2<\/span>\r\n2<\/span>. ecshop 2.7<\/span>.3<\/span>\r\n3<\/span>. ...<\/pre>\n 3. \u6f0f\u6d1e\u4ee3\u7801\u5206\u6790<\/p>\n
admin\/get_password.php<\/p>\n
\r\n...\r\n<\/span>\/*<\/span><\/span> \u9a8c\u8bc1\u65b0\u5bc6\u7801\uff0c\u66f4\u65b0\u7ba1\u7406\u5458\u5bc6\u7801 <\/span>*\/<\/span><\/span>\r\n elseif<\/span> (<\/span>!empty<\/span>($_POST<\/span>['<\/span><\/span>action<\/span>'<\/span><\/span>]) && $_POST<\/span>['<\/span><\/span>action<\/span>'<\/span><\/span>] == '<\/span><\/span>reset_pwd<\/span>'<\/span><\/span>)\r\n {\r\n <\/span>$new_password<\/span> <\/span>= isset<\/span>($_POST<\/span>['<\/span><\/span>password<\/span>'<\/span><\/span>]) ? trim($_POST<\/span>['<\/span><\/span>password<\/span>'<\/span><\/span>]) : ''<\/span><\/span>;\r\n <\/span>$adminid<\/span> <\/span>= isset<\/span>($_POST<\/span>['<\/span><\/span>adminid<\/span>'<\/span><\/span>]) ? intval($_POST<\/span>['<\/span><\/span>adminid<\/span>'<\/span><\/span>]) : 0<\/span><\/span>;\r\n <\/span>$code<\/span>\t <\/span>= isset<\/span>($_POST<\/span>['<\/span><\/span>code<\/span>'<\/span><\/span>]) ? trim($_POST<\/span>['<\/span><\/span>code<\/span>'<\/span><\/span>]) : ''<\/span><\/span>;\r\n <\/span><\/span>if<\/span><\/span> (empty<\/span>($new_password<\/span>) || empty<\/span>($code<\/span>) || $adminid<\/span> == 0<\/span><\/span>)\r\n <\/span>{\r\n <\/span> ecs_header(<\/span>\"<\/span><\/span>Location: privilege.php?act=login\\n<\/span>\"<\/span><\/span>);\r\n <\/span> exit<\/span>;\r\n <\/span>}\r\n <\/span><\/span>\/*<\/span><\/span> \u4ee5\u7528\u6237\u7684\u539f\u5bc6\u7801\uff0c\u4e0ecode\u7684\u503c\u5339\u914d <\/span>*\/<\/span><\/span>\r\n <\/span>$sql<\/span> <\/span>= '<\/span><\/span>SELECT password FROM <\/span>'<\/span><\/span> .$ecs<\/span>->table('<\/span><\/span>admin_user<\/span>'<\/span><\/span>). \"<\/span><\/span> WHERE user_id = '$adminid'<\/span>\"<\/span><\/span>;\r\n <\/span>$password<\/span> <\/span>= $db<\/span>->getOne($sql<\/span>);\r\n <\/span><\/span>\/*<\/span><\/span> <\/span>\u8fd9\u91cc\u662f\u6f0f\u6d1e\u7684\u5173\u952e <\/span>1. $adminid\uff1a\u9ed1\u5ba2\u60f3\u8981\u7206\u7834\u653b\u51fb\u91cd\u7f6e\u5bc6\u7801\u7684\u5bf9\u8c61 <\/span>2. $password\uff1a\u9ed1\u5ba2\u901a\u8fc7\u5bc6\u7801\u66b4\u529b\u679a\u4e3e <\/span>3. $code\uff1a\u9ed1\u5ba2\u53ef\u4ee5\u5728\u672c\u5730\u4f7f\u7528\u76f8\u540c\u7684\u7b97\u6cd5\u8fdb\u884c\u8ba1\u7b97\u5f97\u5230 <\/span><\/span>*\/<\/span><\/span>\r\n <\/span>if<\/span><\/span> (md5($adminid<\/span> . $password<\/span>) <> $code<\/span>)<\/span>\/\/www.ldhost.cn<\/span>\r\n <\/span>{\r\n <\/span> <\/span>\/\/<\/span><\/span>\u6b64\u94fe\u63a5\u4e0d\u5408\u6cd5<\/span><\/span>\r\n <\/span> $link<\/span>[0<\/span><\/span>]['<\/span><\/span>text<\/span>'<\/span><\/span>] = $_LANG<\/span>['<\/span><\/span>back<\/span>'<\/span><\/span>];\r\n <\/span> $link<\/span>[<\/span>0<\/span><\/span>]['<\/span><\/span>href<\/span>'<\/span><\/span>] = '<\/span><\/span>privilege.php?act=login<\/span>'<\/span><\/span>;\r\n <\/span> sys_msg($_LANG<\/span>[<\/span>'<\/span><\/span>code_param_error<\/span>'<\/span><\/span>], 0<\/span><\/span>, $link<\/span>);\r\n <\/span>}\r\n....<\/span>\r\n<\/pre>\n 4. \u9632\u5fa1\u65b9\u6cd5<\/p>\n
\u8fd9\u4e2a\u6f0f\u6d1e\u5c5e\u4e8e\u5bc6\u7801\u5b66\u7684\u6297\u7a77\u4e3e\u8bbe\u8ba1\u7f3a\u9677\uff0c\u8981\u5bf9\u8fd9\u4e2a\u6f0f\u6d1e\u8fdb\u884c\u4fee\u590d\uff0c\u540c\u65f6\u8981\u80fd\u4fdd\u8bc1\u5bf9\u539f\u6709\u7684\u4e1a\u52a1\u8fdb\u884c\u5e73\u6ed1\u517c\u5bb9\uff0c\u6211\u4eec\u53ef\u4ee5\u4ece\u4ee5\u4e0b\u51e0\u4e2a\u65b9\u9762\u53bb\u601d\u8003<\/p>\n
\r\n1<\/span>. \u589e\u52a0\u5bc6\u94a5\u7a7a\u95f4\uff0c\u63d0\u4f9b\u653b\u51fb\u8005\u7684\u653b\u51fb\u6210\u672c\uff1a\u5bb9\u6613\u5b9e\u73b0\r\n<\/span>2<\/span>. \u6539\u53d8\u52a0\u5bc6\u7b97\u6cd5\uff0c\u95f4\u63a5\u5730\u63d0\u9ad8\u4e86\u5bc6\u94a5\u7a7a\u95f4\uff1a\u9700\u8981\u5bf9\u539f\u6709\u65e7\u7684\u5bc6\u7801\u8fdb\u884c\u5168\u91cf\u5730\u5347\u7ea7\uff0c\u6539\u9020\u6210\u672c\u5927<\/pre>\n admin\/get_password.php<\/p>\n
\r\n\/*<\/span> \u4ee5\u7528\u6237\u7684\u539f\u5bc6\u7801\uff0c\u4e0ecode\u7684\u503c\u5339\u914d <\/span>*\/<\/span><\/span>\r\n$sql<\/span> <\/span>= '<\/span><\/span>SELECT password FROM <\/span>'<\/span><\/span> .$ecs<\/span>->table('<\/span><\/span>admin_user<\/span>'<\/span><\/span>).