dedecms, the phpmyadmin storm path latest collection-vulnerability warning-the black bar safety net

2010-06-25T00:00:00
ID MYHACK58:62201027371
Type myhack58
Reporter 佚名
Modified 2010-06-25T00:00:00

Description

Vulnerability description: dedecms 5.5 procedure leaked site path information.

Test address:

http://www.xxx.com/plus/paycenter/alipay/return_url.php http://www.xxx.com/plus/paycenter/cbpayment/autoreceive.php http://www.xxx.com/plus/paycenter/nps/config_pay_nps.php http://www.xxx.com/plus/task/dede-maketimehtml.php http://www.xxx.com/plus/task/dede-optimize-table.php http://www.xxx.com/plus/task/dede-upcache.php

1. /phpmyadmin/libraries/lect_lang.lib.php 2./ phpMyAdmin/index. php? lang[]=1 3. /phpMyAdmin/phpinfo.php 4. load_file() 5./phpmyadmin/themes/darkblue_orange/layout.inc.php 6./phpmyadmin/libraries/select_lang.lib.php 7./phpmyadmin/libraries/lect_lang.lib.php 8./phpmyadmin/libraries/mcrypt.lib.php