admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-11-07 11:44:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/Couch through 2.0存在路径泄露漏洞.md
mr-xn 1e35392d14 upload
2019-07-24 12:22:41 +08:00

22 lines
1.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### 漏洞简介
|漏洞名称|上报日期|漏洞发现者|产品首页|软件链接|版本|CVE编号|
--------|--------|---------|--------|-------|----|------|
|Couch through 2.0存在路径泄露漏洞|2018-03-04| zzw (zzw@5ecurity.cn)|[https://github.com/CouchCMS/CouchCMS/](https://github.com/CouchCMS/CouchCMS/) | [https://github.com/CouchCMS/CouchCMS/](https://github.com/CouchCMS/CouchCMS/) |2.0 | [CVE-2018-7662](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7662)|
#### 漏洞概述
> Couch through 2.0存在路径泄露漏洞当访问特定url时系统返回的报错信息中暴露物理路径信息。Couch through是一个在github上开源的系统漏洞发现者已经将漏洞信息通过[issues](https://github.com/CouchCMS/CouchCMS/issues/46)告知作者。
### POC实现代码如下
------
访问如下页面,报错信息中显示完整物理路径信息。
Location:
includes/mysql2i/mysql2i.func.php
addons/phpmailer/phpmailer.php
Reference in New Issue View Git Blame Copy Permalink