Open
Description
Hello,
I would like to report a SQL injection (SQLi) vulnerability: the `UserId` value from `$_POST` is trimmed but never escaped or parameterised before being concatenated into the `WHERE user_name = '...'` clause of the admin login query.
Vulnerability path
File shopex\ecshop\upload\api\client\api.php
dispatch($_POST);File shopex\ecshop\upload\api\client\includes\lib_api.php
function dispatch($post)
{
$func_arr = array('GetDomain', 'UserLogin', 'AddCategory', 'AddBrand', 'AddGoods', 'GetCategory', 'GetBrand', 'GetGoods', 'DeleteBrand', 'DeleteCategory', 'DeleteGoods', 'EditBrand', 'EditCategory', 'EditGoods');
if(in_array($post['Action'], $func_arr) && function_exists('API_'.$post['Action']))
{
call_user_func('API_'.$post['Action'], $post);File shopex\ecshop\upload\api\client\includes\lib_api.php
function API_UserLogin($post)
{
$post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
$post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';
$sql = "SELECT user_id, user_name, password, action_list, last_login".
" FROM " . $GLOBALS['ecs']->table('admin_user') .
" WHERE user_name = '" . $post['username']. "'";
$row = $GLOBALS['db']->getRow($sql);File shopex\ecshop\upload\includes\cls_mysql.php
function getRow($sql, $limited = false)
{
$res = $this->query($sql);Metadata