ZanfiCmsLite多个安全漏洞

ZanfiCmsLite存在多个漏洞，远程攻击者可以利用这些漏洞获得路径信息或执行任意命令。 第一个漏洞是路径泄露漏洞，提交类似如下请求： http://localhost/cms/admpages.php 可返回包含路径信息的错误消息： Warning: mysqlquery: supplied argument is not a valid MySQL-Link resource in \ c:\appserv\www\cms\admpages.php on line 2 No blocks in the table...

Multiple vulnerabilities in ZanfiCmsLite

AuThor:Cracklove emA!l:CrackloveatGmaildotCom HoMePaGe:http://ProxySky.com Info Website: http://www.zanfi.nl Version: 1.1,The Newest Version Problem: Full path disclosure,Include file Vuls 1.Full path disclosure: Let's try to request like this: http://localhost/cms/admpages.php and we get standar...