https://www.exploit-db.com/exploits/23018
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-395

Zorum3.4版本的index.php存在漏洞。远程攻击者可以借助无效参数名判断web根目录的全路径，该漏洞在PHP出错的消息中泄漏路径。

source: http://www.securityfocus.com/bid/8396/info

A vulnerability has been reported in Zorum message board software that allows a remote attacker to send a malformed HTTP request resulting in a disclosure of the installation path.

This issue may allow an attacker to gain knowledge of the file system in order to mount further attacks against the host.

http://www.example.com/forum/index.php?method=userfunctions&'list=secmenu&

来源:XF
名称:zorum-index-path-disclosure(12868)
链接:http://xforce.iss.net/xforce/xfdb/12868
来源:BID
名称:8396
链接:http://www.securityfocus.com/bid/8396
来源:SECTRACK
名称:1013365
链接:http://securitytracker.com/id?1013365
来源:BUGTRAQ
名称:20030811ZH2003-22SA(securityadvisory):ZorumXSSVulnerabilityandPathDisclosure
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=106063199925536&w;=2