爆错 – ChaBug安全 / 一个分享知识、结识伙伴、资源共享的博客 Wed, 28 Mar 2018 16:28:30 +0000 zh-CN hourly 1 https://wordpress.org/?v=5.5.5 cms爆绝对路径收集 /web/389.html Wed, 28 Mar 2018 16:28:30 +0000 /?p=318 DeDeCms 
/member/templets/menulit.php
/plus/paycenter/alipay/return_url.php
/plus/paycenter/cbpayment/autoreceive.php
/paycenter/nps/config_pay_nps.php
/plus/task/dede-maketimehtml.php
/plus/task/dede-optimize-table.php
/plus/task/dede-upcache.php

WordPress

/wp-admin/includes/file.php
/wp-content/themes/baiaogu-seo/footer.php

Ecshop商城系统暴路径漏洞文件

/api/cron.php
/wap/goods.php
/temp/compiled/ur_here.lbi.php
/temp/compiled/pages.lbi.php
/temp/compiled/user_transaction.dwt.php
/temp/compiled/history.lbi.php
/temp/compiled/page_footer.lbi.php
/temp/compiled/goods.dwt.php
/temp/compiled/user_clips.dwt.php
/temp/compiled/goods_article.lbi.php
/temp/compiled/comments_list.lbi.php
/temp/compiled/recommend_promotion.lbi.php
/temp/compiled/search.dwt.php
/temp/compiled/category_tree.lbi.php
/temp/compiled/user_passport.dwt.php
/temp/compiled/promotion_info.lbi.php
/temp/compiled/user_menu.lbi.php
/temp/compiled/message.dwt.php
/temp/compiled/admin/pagefooter.htm.php
/temp/compiled/admin/page.htm.php
/temp/compiled/admin/start.htm.php
/temp/compiled/admin/goods_search.htm.php
/temp/compiled/admin/index.htm.php
/temp/compiled/admin/order_list.htm.php
/temp/compiled/admin/menu.htm.php
/temp/compiled/admin/login.htm.php
/temp/compiled/admin/message.htm.php
/temp/compiled/admin/goods_list.htm.php
/temp/compiled/admin/pageheader.htm.php
/temp/compiled/admin/top.htm.php
/temp/compiled/top10.lbi.php
/temp/compiled/member_info.lbi.php
/temp/compiled/bought_goods.lbi.php
/temp/compiled/goods_related.lbi.php
/temp/compiled/page_header.lbi.php
/temp/compiled/goods_script.html.php
/temp/compiled/index.dwt.php
/temp/compiled/goods_fittings.lbi.php
/temp/compiled/myship.dwt.php
/temp/compiled/brands.lbi.php
/temp/compiled/help.lbi.php
/temp/compiled/goods_gallery.lbi.php
/temp/compiled/comments.lbi.php
/temp/compiled/myship.lbi.php
/includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
/includes/modules/cron/auto_manage.php
/includes/modules/cron/ipdel.php

Ucenter爆路径

/ucenter/control/admin/db.php

DZbbs

/manyou/admincp.php?my_suffix=%0A%0DTOBY57

Z-blog

/admin/FCKeditor/editor/dialog/fck%5Fspellerpages/spellerpages/server%2Dscripts/spellchecker.php

Php168爆路径

/admin/inc/hack/count.php?job=list
/admin/inc/hack/search.php?job=getcode
/admin/inc/ajax/bencandy.php?job=do
/cache/MysqlTime.txt
/PHPcms2008-sp4

注册用户登陆后访问

/phpcms/corpandresize/process.php?pic=../images/logo.gif

CMSeasy爆网站路径漏洞

漏洞出现在menu_top.php这个文件中

/lib/mods/celive/menu_top.php
/lib/default/ballot_act.php
/lib/default/special_act.php
]]>