YzmCMS_3.6_Bug
YzmCMS 3.6 bug
[Suggested description] YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.[Additional Information] The vulnerability was discovered by downloading the program's source code to local and online deployment tests.Location: domain/application/install/templates/s1.phpCode: <?php require './templates/header.php'; ?>Rows : 10Return error : Warning: require(./templates/header.php): failed to open stream: No such file or directory in /www/application/install/templates/s1.php on line 10 Fatal error: require(): Failed opening required './templates/header.php' (include_path='.;C:\php\pear') in /www/application/install/templates/s1.php on line 10Harm: Web Site physical path leakage .Conditions for Execution: Normal access canEdition: YzmCMS 3.6Cause the cause : require(): Failed opening required './templates/header.php' (include_path='.;C:\php\pear') in /www/application/install/templates/s1.php on line 10, cause path leakage.fix suggestions : Modify the application source code to avoid information leakage.[VulnerabilityType Other] physical path leakage[Vendor of Product] YzmCMS[Affected Product Code Base] YzmCMS - 3.6[Affected Component] /application/install/templates/s1.php , require(./templates/header.php): failed to open stream: No such file or directory , Web Site physical path leakage .[Attack Type] Remote[Impact Information Disclosure] true[Attack Vectors] The vulnerability is triggered by accessing the following URL : http://domain/application/install/templates/s1.php[Discoverer] kongxin
Last modified 1yr ago