您的位置 » 首页 » 实用工具 » 漏洞播报:ecshop 20多个爆绝对路径方法大全

漏洞播报:ecshop 20多个爆绝对路径方法大全

发表于4年前 | 作者: seay | 分类: 实用工具 | 孵化于:2013年06月13日 | 文章热度:17,126 次 全屏阅读

显示不全请点击全屏阅读

轻松无压力,以下结果由【Seay源代码审计系统1.0】自动生成,没有经过人工处理。报告显示效果不好,请点击上面的【全屏阅读】查看

  

AVY}K1BSCB~5FB]L6$AJKJK

 



Seay代码审计系统漏洞报告

审计结果:发现可疑漏洞总数:29

ID 漏洞描述 文件路径 漏洞详细
1 存在敏感信息泄露漏洞 http://localhost/ecshop//search.php?encode[]=Seay <br /> <b>Warning</b>: trim() expects parameter 1 to be string, array given in <b>G:\wamp\www\ecshop\search.php</b> on line <b>45</b><br /> <!DOCTYPE
2 存在敏感信息泄露漏洞 http://localhost/ecshop//admin/receive.php?ext2[]=Seay <br /> <b>Notice</b>: Undefined index: version in <b>G:\wamp\www\ecshop\admin\receive.php</b> on line <b>20</b><br /> <br /> <b>Notice</b>: Undefine
3 存在敏感信息泄露漏洞 http://localhost/ecshop//admin/receive.php?ext1[]=Seay <br /> <b>Notice</b>: Undefined index: version in <b>G:\wamp\www\ecshop\admin\receive.php</b> on line <b>20</b><br /> <br /> <b>Notice</b>: Undefine
4 存在敏感信息泄露漏洞 http://localhost/ecshop//admin/receive.php?orgName[]=Seay <br /> <b>Notice</b>: Undefined index: version in <b>G:\wamp\www\ecshop\admin\receive.php</b> on line <b>20</b><br /> <br /> <b>Notice</b>: Undefine
5 存在敏感信息泄露漏洞 http://localhost/ecshop//admin/receive.php?userName[]=Seay <br /> <b>Notice</b>: Undefined index: version in <b>G:\wamp\www\ecshop\admin\receive.php</b> on line <b>20</b><br /> <br /> <b>Notice</b>: Undefine
6 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/convert.php <br /> <b>Warning</b>: require(G:/wamp/www/ecshdata/config.php) [<a href=’function.require’>function.require</a>]: failed to open stream: No such fil
7 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/ucimport.php <br /> <b>Warning</b>: require(G:/wamp/www/ecshdata/config.php) [<a href=’function.require’>function.require</a>]: failed to open stream: No such fil
8 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/templates/checking.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
9 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/templates/done.php <html xmlns=”http://www.w3.org/1999/xhtml”> <head> <title><br /> <b>Notice</b>: Undefined variable: lang in <b>G:\wamp\www\ecshop\demo\templates\do
10 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/templates/error.php <html xmlns=”http://www.w3.org/1999/xhtml”> <head> <title><br /> <b>Notice</b>: Undefined variable: lang in <b>G:\wamp\www\ecshop\demo\templates\er
11 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/templates/lang.php <html> <head> <title> <br /> <b>Notice</b>: Undefined variable: lang in <b>G:\wamp\www\ecshop\demo\templates\lang.php</b> on line <b>3</b><br /> <
12 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/templates/readme.php <html> <head> <title> <br /> <b>Notice</b>: Undefined variable: lang in <b>G:\wamp\www\ecshop\demo\templates\readme.php</b> on line <b>3</b><br />
13 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/templates/uc_check.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
14 存在敏感信息泄露漏洞 http://localhost/ecshop//demo/templates/usermerge.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
15 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/active.php <html xmlns=”http://www.w3.org/1999/xhtml”> <head> <title><br /> <b>Notice</b>: Undefined variable: lang in <b>G:\wamp\www\ecshop\install\templates
16 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/checking.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
17 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/checking_content.php <script type=”text/javascript” src=”js/check.js”></script> <form method=”post”> <table border=”0″ cellpadding=”0″ cellspacing=”0″ style=”margin:0 au
18 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/done.php <html xmlns=”http://www.w3.org/1999/xhtml”> <head> <title><br /> <b>Notice</b>: Undefined variable: lang in <b>G:\wamp\www\ecshop\install\templates
19 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/error.php <html xmlns=”http://www.w3.org/1999/xhtml”> <head> <title><br /> <b>Notice</b>: Undefined variable: lang in <b>G:\wamp\www\ecshop\install\templates
20 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/setting.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
21 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/setting_content.php <form id=”js-setting”> <table border=”0″ cellpadding=”0″ cellspacing=”0″ style=”margin:0 auto;”> <tr> <td valign=”top”> <div id=”wrapper”>
22 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/uc_check.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
23 存在敏感信息泄露漏洞 http://localhost/ecshop//install/templates/welcome.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
24 存在敏感信息泄露漏洞 http://localhost/ecshop//js/calendar.php?lang[]=Seay <br /> <b>Warning</b>: trim() expects parameter 1 to be string, array given in <b>G:\wamp\www\ecshop\js\calendar.php</b> on line <b>16</b><br /> var
25 存在敏感信息泄露漏洞 http://localhost/ecshop//languages/en_us/admin/shop_config.php <br /> <b>Notice</b>: Use of undefined constant ROOT_PATH – assumed ‘ROOT_PATH’ in <b>G:\wamp\www\ecshop\languages\en_us\admin\shop_config.php</b> on
26 存在敏感信息泄露漏洞 http://localhost/ecshop//languages/zh_cn/admin/shop_config.php <br /> <b>Notice</b>: Use of undefined constant ROOT_PATH – assumed ‘ROOT_PATH’ in <b>G:\wamp\www\ecshop\languages\zh_cn\admin\shop_config.php</b> on
27 存在敏感信息泄露漏洞 http://localhost/ecshop//languages/zh_tw/admin/shop_config.php <br /> <b>Notice</b>: Use of undefined constant ROOT_PATH – assumed ‘ROOT_PATH’ in <b>G:\wamp\www\ecshop\languages\zh_tw\admin\shop_config.php</b> on
28 存在敏感信息泄露漏洞 http://localhost/ecshop//mobile/search.php?encode[]=Seay <br /> <b>Warning</b>: trim() expects parameter 1 to be string, array given in <b>G:\wamp\www\ecshop\mobile\search.php</b> on line <b>37</b><br /> <b
29 存在敏感信息泄露漏洞 http://localhost/ecshop//temp/query_caches/sqlcache_config_file_0f9596577e2cfbb348fcfe59ff342252.php <br /> <b>Fatal error</b>: Using $this when not in object context in <b>G:\wamp\www\ecshop\temp\query_caches\sqlcache_config_file_0f9596577e2cfbb348f

 

 

Tags:

ECshop漏洞, Seay源代码审计系统, 代码审计,

如果您喜欢我的博客,欢迎点击图片定订阅到邮箱填写您的邮件地址,订阅我们的精彩内容: 也可以点击链接【订阅到鲜果】

如果我的想法或工具帮助到了你,也可微信扫下方二维码打赏本人一杯咖啡


来自 Seay互联网安全博客
本文地址:http://www.cnseay.com/3007/
文章版权说明请看置顶文章,尊重作者,转载请以链接形式标明原文地址

马上分享给你的朋友吧~

已经有2个筒子的人留下了脚印...

  • safs2safs@fsfal.com 说:
    1楼
    2013 年 6 月 13 日 下午 2:06 回复

    这些信息都是由于服务器的错误配置引起的。。而且还是最基本的配置。只能说你搭建的测试环境,不咋地。。

  • 11111 说:
    2楼
    2013 年 6 月 13 日 下午 9:57 回复

    博主不是打击你啊,实际测试没一个成功!这些报错都是你本地环境搭建问题

发表评论

你的大名(必填)

你的邮箱(必填)

评论内容(必填)