|Vulnerability Details
JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full path of the server via direct requests to (1) jgs_portal_ref.php, (2) jgs_portal_land.php, (3) jgs_portal_log.php, (4) jgs_portal_global_sponsor.php, (5) jgs_portal_global.php, (6) jgs_portal_system.php, (7) jgs_portal_views.php; or to multiple files in the jgs_portal_include directory, including (8) jgs_portal_boardmenue.php, (9) jgs_portal_forenliste.php, (10) jgs_portal_geburtstag.php, (11) jgs_portal_guckloch.php, (12) jgs_portal_kalender.php, (13) jgs_portal_letztethemen.php, (14) jgs_portal_links.php, (15) jgs_portal_neustemember.php, (16) jgs_portal_newsboard.php, (17) jgs_portal_online.php, (18) jgs_portal_pn.php, (19) jgs_portal_portalmenue.php, (20) jgs_portal_styles.php, (21) jgs_portal_suchen.php, (22) jgs_portal_team.php, (23) jgs_portal_topforen.php, (24) jgs_portal_topposter.php, (25) jgs_portal_umfrage.php, (26) jgs_portal_useravatar.php, (27) jgs_portal_waronline.php, (28) jgs_portal_woonline.php, or (29) jgs_portal_zufallsavatar.php.
|References
Source: BUGTRAQ
Name: 20050516 [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111627681218415&w=2