### 简要描述:
StartBBS V1.1.3多处数据库报错显路径
### 详细说明:
第一处:http://127.0.0.1/startbbs/index.php/user/login POST数据username[]=1
[<img src="https://images.seebug.org/upload/201312/1223001738f3ae042b251dc2fe9f4715d6ed2683.png" alt=".png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/1223001738f3ae042b251dc2fe9f4715d6ed2683.png)
第二处:http://127.0.0.1/startbbs/index.php/home/getmore/w.jsp 随意构造一个.jsp爆出数据库查询语句
[<img src="https://images.seebug.org/upload/201312/122301531b91022c319346367c1c1763dc0d4b47.png" alt=".png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/122301531b91022c319346367c1c1763dc0d4b47.png)
### 漏洞证明:
[<img src="https://images.seebug.org/upload/201312/1223001738f3ae042b251dc2fe9f4715d6ed2683.png" alt=".png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/1223001738f3ae042b251dc2fe9f4715d6ed2683.png)
[<img src="https://images.seebug.org/upload/201312/122301531b91022c319346367c1c1763dc0d4b47.png" alt=".png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/122301531b91022c319346367c1c1763dc0d4b47.png)
京公网安备 11010502034610号
暂无评论