Brief description: All use of this program the IDC website are the existence of a path disclosure. Detailed description: In the website of domain name registration of domain registration suffix is the number of queries when excessive, can lead to the website path disclosure. Vulnerability to prove: In domain registration section, the query whether the domain name is registered, select as many of the domain name suffix for the query.
URL:http://www.nicenic.com/domain/mcheck.php The use of this program website, similarly: http://xxx.xxx.xxx/domain/mcheck.php Vulnerability keywords: 1.© China ALL RIGHTS RESERVED this site program interface and source code are protected by applicable laws, unauthorized, prohibited the use of 2. People's Republic of China value-added telecommunications business license:Guangdong B-2 0 0 6 0 3 3 7