|Vulnerability Details
Remote attackers can obtain sensitive information from JupiterCMS via a direct request to (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages.
|References
Source: BID
Name: 20048
Link: http://www.securityfocus.com/bid/20048
Source: BUGTRAQ
Name: 20060915JupiterCMSMultipleinjections
Link: http://www.securityfocus.com/archive/1/archive/1/446064/100/0/threaded
Source: SREASON
Name: 1608
Link: http://securityreason.com/securityalert/1608