### Summary: Small gift pack = small gift?

### Details:

1. Database configuration file disclosure
   http://wenda.anwsion.com/system/config/database.php_bak

2. SQL injection
   First: http://wenda.anwsion.com/category/1'"
   Second: http://wenda.anwsion.com/account/ajax/login_process/
   POST: net_auto_login=1&password=123456&post_hash=9ed50d5bb8509404&return_url=http%3A%2F%2Fwenda.anwsion.com%2F&user_name=%5c

3. SVN metadata exposed
   http://wenda.anwsion.com/.svn/entries
   http://wenda.anwsion.com/app/.svn/entries
   http://wenda.anwsion.com/static/.svn/entries
   http://wenda.anwsion.com/models/.svn/entries
   http://wenda.anwsion.com/install/.svn/entries
   http://wenda.anwsion.com/system/.svn/entries
   http://wenda.anwsion.com/views/.svn/entries

4. Error messages disclose the absolute filesystem path
   http://wenda.anwsion.com/app/account/ajax.php
   http://wenda.anwsion.com/app/account/find_password.php
   http://wenda.anwsion.com/app/account/main.php
   http://wenda.anwsion.com/app/account/openid.php
   http://wenda.anwsion.com/app/account/qq.php
   http://wenda.anwsion.com/app/account/setting.php

### Proof of vulnerability:

[![Proof screenshot 1](https://images.seebug.org/upload/201210/11114520819dd7fe74d3ddabbe53d699620f020e.jpg)](https://images.seebug.org/upload/201210/11114520819dd7fe74d3ddabbe53d699620f020e.jpg)
[![Proof screenshot 2](https://images.seebug.org/upload/201210/1111452572459b6abe1f7e2ebbfa92171c1e4510.jpg)](https://images.seebug.org/upload/201210/1111452572459b6abe1f7e2ebbfa92171c1e4510.jpg)
[![Proof screenshot 3](https://images.seebug.org/upload/201210/1111451100888f24eb6ca83f0067e0e2fb9d0f17.jpg)](https://images.seebug.org/upload/201210/1111451100888f24eb6ca83f0067e0e2fb9d0f17.jpg)
[![Proof screenshot 4](https://images.seebug.org/upload/201210/111145163c29fe7b88f4aaa791d0539be506a737.jpg)](https://images.seebug.org/upload/201210/111145163c29fe7b88f4aaa791d0539be506a737.jpg)
[![Proof screenshot 5](https://images.seebug.org/upload/201210/11114506d8882695274800b1e1ea774db5d5a65c.jpg)](https://images.seebug.org/upload/201210/11114506d8882695274800b1e1ea774db5d5a65c.jpg)
[![Proof screenshot 6](https://images.seebug.org/upload/201210/11114459df70377598b9f81074854d9482a097ff.jpg)](https://images.seebug.org/upload/201210/11114459df70377598b9f81074854d9482a097ff.jpg)
[![Proof screenshot 7](https://images.seebug.org/upload/201210/1111445386f239946129fe88c433ce0b5ba9fe9c.jpg)](https://images.seebug.org/upload/201210/1111445386f239946129fe88c433ce0b5ba9fe9c.jpg)
[![Proof screenshot 8](https://images.seebug.org/upload/201210/1111441274d729299780ffdad4e9d11b252d1a44.jpg)](https://images.seebug.org/upload/201210/1111441274d729299780ffdad4e9d11b252d1a44.jpg)
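All four finding classes in this report leave a trace in ordinary web-server access logs: a request for a `_bak` copy of a config file, a request for `.svn/entries`, quote or backslash characters in a URL, and a direct hit on an include-only script under `/app/`. The only exception is the login POST, whose `user_name=%5c` lives in the request body and is only visible to an application-level log or a WAF. The script below is an added example for the site operator, not code from the original report or from the Anwsion code base. It parses constructed Combined Log Format lines (documentation IP addresses, timestamps and byte counts are made up; the paths are the ones listed above) and labels each request with the finding class it matches. The rule set, the names `classify`, `scan_log` and `per_source`, and the choice of `/app`, `/models`, `/system` and `/views` as directories that should never be requested directly are all assumptions of this example.

```python
"""Triage web-server access logs for the four exposure classes in the report:
backup copies of config files, exposed SVN metadata, SQL-injection probe
characters, and direct requests to include-only PHP scripts.
Added example; not part of the original report or the Anwsion code base."""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log (Combined Log Format). IPs are RFC 5737 documentation
# addresses; paths mirror the report's findings plus two ordinary requests and
# the login POST, whose body an access log does not record.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Oct/2012:11:44:01 +0800] "GET /system/config/database.php_bak HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Oct/2012:11:44:05 +0800] "GET /category/1'%22 HTTP/1.1" 500 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Oct/2012:11:44:09 +0800] "GET /.svn/entries HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Oct/2012:11:44:12 +0800] "GET /app/.svn/entries HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Oct/2012:11:44:20 +0800] "GET /app/account/ajax.php HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Oct/2012:11:44:31 +0800] "POST /account/ajax/login_process/ HTTP/1.1" 200 98 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Oct/2012:11:45:00 +0800] "GET /category/1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Oct/2012:11:45:03 +0800] "GET /question/42 HTTP/1.1" 200 7420 "-" "Mozilla/5.0"
"""

# ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Editor/backup suffixes that should never be served (assumed list).
BACKUP_RE = re.compile(r'(_bak|\.bak|\.old|\.orig|\.swp|~)$', re.IGNORECASE)
# Version-control metadata directories.
VCS_RE = re.compile(r'/\.(svn|git|hg)(/|$)')
# Directories whose .php files are includes, not entry points (assumption).
DIRECT_INCLUDE_RE = re.compile(r'^/(app|models|system|views)/.*\.php$')
# Characters that break out of a quoted SQL literal (or escape its quote).
SQLI_CHARS = set("'\"\\")


def classify(method, target, body=None):
    """Return the sorted list of finding labels that one request matches.

    `body` is an optional application/x-www-form-urlencoded POST body from
    an application-level log; access logs alone do not carry it.
    """
    findings = set()
    parts = urlsplit(target)
    path = unquote(parts.path)
    if BACKUP_RE.search(path):
        findings.add("backup-file")
    if VCS_RE.search(path):
        findings.add("vcs-metadata")
    if DIRECT_INCLUDE_RE.match(path):
        findings.add("direct-include")
    # Look for quote/backslash in the decoded path and every parameter value.
    values = [path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if body:
        values += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    if any(SQLI_CHARS & set(v) for v in values):
        findings.add("sqli-probe")
    return sorted(findings)


def scan_log(text):
    """Parse access-log text and return one record per flagged request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        findings = classify(m["method"], m["target"])
        if findings:
            hits.append({
                "ip": m["ip"],
                "method": m["method"],
                "path": unquote(urlsplit(m["target"]).path),
                "status": int(m["status"]),
                "findings": findings,
            })
    return hits


def per_source(hits):
    """Count flagged requests per client IP, to spot a single source sweeping."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    flagged = scan_log(SAMPLE_LOG)
    for h in flagged:
        print(f'{h["ip"]} {h["method"]} {h["path"]} -> {", ".join(h["findings"])}')
    print("per source:", dict(per_source(flagged)))
    # The login POST only becomes visible once the body is available:
    body = ("net_auto_login=1&password=123456&post_hash=9ed50d5bb8509404"
            "&return_url=http%3A%2F%2Fwenda.anwsion.com%2F&user_name=%5c")
    print("login_process body:", classify("POST", "/account/ajax/login_process/", body))
```

Run against the constructed sample, five of the eight lines are flagged and all five come from one source; the login POST is silent in the access log and is only caught when `classify` is handed the body. The labels map directly onto remediation: deny `BACKUP_RE` and `VCS_RE` paths at the web server, route the include-only directories through the front controller only, and turn `display_errors` off so a direct hit no longer prints the absolute path.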