VULHUB ™

漏洞存在于文件\include\cache.func.php里的代码如下: define('DISCUZ_KERNEL_VERSION', '6.1.0'); define('DISCUZ_KERNEL_RELEASE', '20080418'); if(isset($_GET['kernel_version'])) { exit('Crossday Discuz! Board&lt;br /&gt;Developed by Comsenz Inc.&lt;br /&gt;&lt;br /&gt;Version: '.DISCUZ_KERNEL_VERSION.'&lt;br /&gt;Release: '.DISCUZ_KERNEL_RELEASE); } elseif(!defined('IN_DISCUZ')) { exit('Access Denied'); } 提交kernel_version的时会显示版本及补丁信息,如果攻击者结合google-hacking等技术很容易找到没有升级的程序,导致mass类攻击. Release: 2008-04 <a href=http://www.discuz.net target=_blank>http://www.discuz.net</a>

漏洞存在于文件\include\cache.func.php里的代码如下: define('DISCUZ_KERNEL_VERSION', '6.1.0'); define('DISCUZ_KERNEL_RELEASE', '20080418'); if(isset($_GET['kernel_version'])) { exit('Crossday Discuz! Board&lt;br /&gt;Developed by Comsenz Inc.&lt;br /&gt;&lt;br /&gt;Version: '.DISCUZ_KERNEL_VERSION.'&lt;br /&gt;Release: '.DISCUZ_KERNEL_RELEASE); } elseif(!defined('IN_DISCUZ')) { exit('Access Denied'); } 提交kernel_version的时会显示版本及补丁信息,如果攻击者结合google-hacking等技术很容易找到没有升级的程序,导致mass类攻击. Release: 2008-04 <a href=http://www.discuz.net target=_blank>http://www.discuz.net</a>