### Brief description:
A small gift pack = a small present?
### Details:
1. Database configuration disclosure
http://wenda.anwsion.com/system/config/database.php_bak
2. SQLI
First: http://wenda.anwsion.com/category/1'"
Second: http://wenda.anwsion.com/account/ajax/login_process/
POST:net_auto_login=1&password=123456&post_hash=9ed50d5bb8509404&return_url=http%3A%2F%2Fwenda.anwsion.com%2F&user_name=%5c
3. SVN
http://wenda.anwsion.com/.svn/entries
http://wenda.anwsion.com/app/.svn/entries
http://wenda.anwsion.com/static/.svn/entries
http://wenda.anwsion.com/models/.svn/entries
http://wenda.anwsion.com/install/.svn/entries
http://wenda.anwsion.com/system/.svn/entries
http://wenda.anwsion.com/views/.svn/entries
4. Error messages disclose the absolute path
http://wenda.anwsion.com/app/account/ajax.php
http://wenda.anwsion.com/app/account/find_password.php
http://wenda.anwsion.com/app/account/main.php
http://wenda.anwsion.com/app/account/openid.php
http://wenda.anwsion.com/app/account/qq.php
http://wenda.anwsion.com/app/account/setting.php
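
Findings 1 and 3 are both deployment leftovers: a backup copy of a PHP file that the server returns as plain text, and Subversion metadata directories under the web root. The following pre-deployment check is an added example, not part of the original report or the project's code; the suffix and extension lists and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed lists; extend them to match your own deployment conventions.
VCS_DIRS = {".svn", ".git", ".hg"}
SOURCE_EXTS = (".php", ".inc", ".ini", ".sql")
BACKUP_SUFFIXES = ("_bak", ".bak", ".old", ".orig", ".save", "~")


def _rel(root, path):
    """Path relative to the web root, with forward slashes."""
    return os.path.relpath(path, root).replace(os.sep, "/")


def is_backup_copy(filename):
    """True for names like database.php_bak: source extension plus a backup suffix."""
    lower = filename.lower()
    for suffix in BACKUP_SUFFIXES:
        if lower.endswith(suffix) and lower[: -len(suffix)].endswith(SOURCE_EXTS):
            return True
    return False


def audit_webroot(root):
    """Return sorted (kind, relative_path) findings that should not be deployed."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in [d for d in dirnames if d in VCS_DIRS]:
            findings.append(("vcs-metadata", _rel(root, os.path.join(dirpath, d))))
            dirnames.remove(d)  # report the directory once, do not descend into it
        for name in filenames:
            if is_backup_copy(name):
                findings.append(("backup-copy", _rel(root, os.path.join(dirpath, name))))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample tree that mirrors the paths named in the report."""
    for rel in ("system/config/database.php", "system/config/database.php_bak",
                ".svn/entries", "app/.svn/entries", "app/account/ajax.php"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path in audit_webroot(tmp):
            print(kind, path)
```

Run it against the release directory before publishing and fail the deployment when the list is not empty.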
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201210/11114520819dd7fe74d3ddabbe53d699620f020e.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/11114520819dd7fe74d3ddabbe53d699620f020e.jpg)
[<img src="https://images.seebug.org/upload/201210/1111452572459b6abe1f7e2ebbfa92171c1e4510.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/1111452572459b6abe1f7e2ebbfa92171c1e4510.jpg)
[<img src="https://images.seebug.org/upload/201210/1111451100888f24eb6ca83f0067e0e2fb9d0f17.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/1111451100888f24eb6ca83f0067e0e2fb9d0f17.jpg)
[<img src="https://images.seebug.org/upload/201210/111145163c29fe7b88f4aaa791d0539be506a737.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/111145163c29fe7b88f4aaa791d0539be506a737.jpg)
[<img src="https://images.seebug.org/upload/201210/11114506d8882695274800b1e1ea774db5d5a65c.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/11114506d8882695274800b1e1ea774db5d5a65c.jpg)
[<img src="https://images.seebug.org/upload/201210/11114459df70377598b9f81074854d9482a097ff.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/11114459df70377598b9f81074854d9482a097ff.jpg)
[<img src="https://images.seebug.org/upload/201210/1111445386f239946129fe88c433ce0b5ba9fe9c.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/1111445386f239946129fe88c433ce0b5ba9fe9c.jpg)
[<img src="https://images.seebug.org/upload/201210/1111441274d729299780ffdad4e9d11b252d1a44.jpg" alt="" width="600">](https://images.seebug.org/upload/201210/1111441274d729299780ffdad4e9d11b252d1a44.jpg)