您的位置 » 首页 » 实用工具 » 漏洞播报:phpcms v9 30个爆路径方法集合

漏洞播报:phpcms v9 30个爆路径方法集合

发表于4年前 | 作者: seay | 分类: 实用工具 | 孵化于:2013年06月13日 | 文章热度:16,265 次 全屏阅读

显示不全请点击全屏阅读

以下内容为 【Seay源代码审计系统1.0】 信息泄露插件生成的自动审计报告,没有人为加工。 报告显示效果不好,请点击上面的【全屏阅读】查看 ,13号中午11点半会发一堆各种程序爆路径,比如discuz、phpwind、ecshop之类

 

 



Seay代码审计系统漏洞报告

审计结果:发现可疑漏洞总数:30

ID 漏洞描述 文件路径 漏洞详细
1 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/attachment/templates/album_dir.tpl.php <br /> <b>Fatal error</b>: Using $this when not in object context in <b>G:\wamp\www\phpcms\phpcms\modules\attachment\templates\album_dir.tpl.php</b>
2 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/attachment/templates/album_list.tpl.php <br /> <b>Fatal error</b>: Using $this when not in object context in <b>G:\wamp\www\phpcms\phpcms\modules\attachment\templates\album_list.tpl.php</b>
3 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/attachment/templates/header.tpl.php <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.
4 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/attachment/templates/swfupload.tpl.php <br /> <b>Fatal error</b>: Using $this when not in object context in <b>G:\wamp\www\phpcms\phpcms\modules\attachment\templates\swfupload.tpl.php</b>
5 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/content/fields/downfile/field_add_form.inc.php <br /> <b>Fatal error</b>: Call to undefined function getcache() in <b>G:\wamp\www\phpcms\phpcms\modules\content\fields\downfile\field_add_form.inc.p
6 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/content/fields/omnipotent/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\content\fields\omnipotent\field_delete.inc.php</b> on line <b>2<
7 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/content/fields/omnipotent/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\content\fields\omnipotent\field_edit.inc.php</b> on line
8 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/content/fields/text/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\content\fields\text\field_delete.inc.php</b> on line <b>2</b><br
9 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/content/fields/text/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\content\fields\text\field_edit.inc.php</b> on line <b>2</
10 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/content/fields/textarea/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\content\fields\textarea\field_delete.inc.php</b> on line <b>2</b
11 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/content/fields/textarea/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\content\fields\textarea\field_edit.inc.php</b> on line <b
12 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/formguide/formguide_field.php <br /> <b>Notice</b>: Use of undefined constant PC_PATH – assumed ‘PC_PATH’ in <b>G:\wamp\www\phpcms\phpcms\modules\formguide\formguide_field.php</b>
13 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/formguide/fields/text/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\formguide\fields\text\field_delete.inc.php</b> on line <b>2</b><
14 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/formguide/fields/text/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\formguide\fields\text\field_edit.inc.php</b> on line <b>2
15 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/formguide/fields/textarea/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\formguide\fields\textarea\field_delete.inc.php</b> on line <b>2<
16 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/formguide/fields/textarea/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\formguide\fields\textarea\field_edit.inc.php</b> on line
17 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/link/templates/link_edit.tpl.php <br /> <b>Fatal error</b>: Using $this when not in object context in <b>G:\wamp\www\phpcms\phpcms\modules\link\templates\link_edit.tpl.php</b> on lin
18 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/classes/OauthSDK.class.php <br /> <b>Fatal error</b>: Uncaught exception ‘Exception’ with message ‘Snda needs the CURL PHP extension.’ in G:\wamp\www\phpcms\phpcms\modules\memb
19 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/fields/checkmobile/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\member\fields\checkmobile\field_edit.inc.php</b> on line
20 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/fields/omnipotent/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\member\fields\omnipotent\field_delete.inc.php</b> on line <b>2</
21 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/fields/omnipotent/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\member\fields\omnipotent\field_edit.inc.php</b> on line <
22 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/fields/text/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\member\fields\text\field_delete.inc.php</b> on line <b>2</b><br
23 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/fields/text/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\member\fields\text\field_edit.inc.php</b> on line <b>2</b
24 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/fields/textarea/field_delete.inc.php <br /> <b>Notice</b>: Undefined variable: db in <b>G:\wamp\www\phpcms\phpcms\modules\member\fields\textarea\field_delete.inc.php</b> on line <b>2</b>
25 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/member/fields/textarea/field_edit.inc.php <br /> <b>Notice</b>: Undefined variable: maxlength in <b>G:\wamp\www\phpcms\phpcms\modules\member\fields\textarea\field_edit.inc.php</b> on line <b>
26 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/pay/classes/Alipay.class.php <br /> <b>Fatal error</b>: Class ‘pc_base’ not found in <b>G:\wamp\www\phpcms\phpcms\modules\pay\classes\Alipay.class.php</b> on line <b>23</b><br />
27 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/pay/classes/Chinabank.class.php <br /> <b>Fatal error</b>: Class ‘pc_base’ not found in <b>G:\wamp\www\phpcms\phpcms\modules\pay\classes\Chinabank.class.php</b> on line <b>21</b><br
28 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/pay/classes/Sndapay.class.php <br /> <b>Fatal error</b>: Class ‘pc_base’ not found in <b>G:\wamp\www\phpcms\phpcms\modules\pay\classes\Sndapay.class.php</b> on line <b>21</b><br /
29 存在敏感信息泄露漏洞 http://localhost/phpcms//phpcms/modules/poster/templates/space_preview.tpl.php <!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN” “http://www.w3.org/TR/html4/loose.dtd”> <html> <head> <meta http-equiv=”X-UA-Compati
30 存在敏感信息泄露漏洞 http://localhost/phpcms//phpsso_server/api.php?op[]=Seay <br /> <b>Warning</b>: trim() expects parameter 1 to be string, array given in <b>G:\wamp\www\phpcms\phpsso_server\api.php</b> on line <b>13</b><br /

 

 

 

 

 

Tags:

phpcms v9漏洞, Seay源代码审计系统, 代码审计,

如果您喜欢我的博客,欢迎点击图片定订阅到邮箱填写您的邮件地址,订阅我们的精彩内容: 也可以点击链接【订阅到鲜果】

如果我的想法或工具帮助到了你,也可微信扫下方二维码打赏本人一杯咖啡


来自 Seay互联网安全博客
本文地址:http://www.cnseay.com/3012/
文章版权说明请看置顶文章,尊重作者,转载请以链接形式标明原文地址

马上分享给你的朋友吧~

已经有1个筒子留下了脚印...

  • Ha.Cker.In 说:
    1楼
    2013 年 7 月 5 日 下午 2:32 回复

    第三条和29条是误报哦, 😐 改进下

发表评论

你的大名(必填)

你的邮箱(必填)

评论内容(必填)