Invision Power Board (IPB) 2.1.4及之前版本可使远程攻击者借助对多个PHP脚本(在错误消息中包含完整路径,包括ips_kernel/目录中的(1) PEAR/Text/Diff/Renderer/inline.php、(2) PEAR/Text/Diff/Renderer/unified.php、(3) PEAR/Text/Diff3.php、(4) class_db.php、(5) class_db_mysql.php和(6) class_xml.php;sources/sql目录中的(7) mysql_admin_queries.php、(8) mysql_extra_queries.php、(9) mysql_queries.php和(10) mysql_subsm_queries.php;(11) sources/acp_loaders/acp_pages_components.php;(12) sources/action_admin/member.php和(13) sources/action_admin/paysubscriptions.php;sources/action_public目录中的(14) login.php、(15) messenger.php、(16) moderate.php、(17) paysubscriptions.php、(18) register.php、(19) search.php、(20) topics.php和(21)usercp.php;sources/classes目录中的(22) bbcode/class_bbcode.php、(23) bbcode/class_bbcode_legacy.php、(24) editor/class_editor_rte.php、(25) editor/class_editor_std.php、(26) post/class_post.php、(27) post/class_post_edit.php、(28) post/class_post_new.php和(29)post/class_post_reply.php;(30) sources/components_acp/registration_DEPR.php;(31)...
Invision Power Board (IPB) 2.1.4及之前版本可使远程攻击者借助对多个PHP脚本(在错误消息中包含完整路径,包括ips_kernel/目录中的(1) PEAR/Text/Diff/Renderer/inline.php、(2) PEAR/Text/Diff/Renderer/unified.php、(3) PEAR/Text/Diff3.php、(4) class_db.php、(5) class_db_mysql.php和(6) class_xml.php;sources/sql目录中的(7) mysql_admin_queries.php、(8) mysql_extra_queries.php、(9) mysql_queries.php和(10) mysql_subsm_queries.php;(11) sources/acp_loaders/acp_pages_components.php;(12) sources/action_admin/member.php和(13) sources/action_admin/paysubscriptions.php;sources/action_public目录中的(14) login.php、(15) messenger.php、(16) moderate.php、(17) paysubscriptions.php、(18) register.php、(19) search.php、(20) topics.php和(21)usercp.php;sources/classes目录中的(22) bbcode/class_bbcode.php、(23) bbcode/class_bbcode_legacy.php、(24) editor/class_editor_rte.php、(25) editor/class_editor_std.php、(26) post/class_post.php、(27) post/class_post_edit.php、(28) post/class_post_new.php和(29)post/class_post_reply.php;(30) sources/components_acp/registration_DEPR.php;(31) sources/handlers/han_paysubscriptions.php;(32) func_usercp.php;sources/lib/目录中的(33) search_mysql_ftext.php和(34) search_mysql_man.php;以及sources/loginauth目录中的(35) convert/auth.php.bak、(36) external/auth.php和(37) ldap/auth.php)的直接请求来查看敏感信息。
