Dedecms.com brute-force path

From Minghackers

Vulnerability description:
The dedecms 5.5 program exposes the website path information.

:

Parse error: syntax error, unexpected T_ELSE in I: dedecms. compublic_htmlpluspaycenteralipayeturn_url.php on line 13

Warning: require_once (DEDEINC/memberlogin. class. php) [function. require-once]: failed to open stream: No such file or directory in I: dedecms. logs on line 3

Fatal error: require_once () [function. require]: Failed opening required DEDEINC/memberlogin. class. php (include_path =.; C: php5pear) in I: dedecms. Timeout on line 3

Test address:

Http://www.dedecms.com/plus/paycenter/alipay/return_url.php
Http://www.dedecms.com/plus/paycenter/cbpayment/autoreceive.php
Http://www.dedecms.com/plus/paycenter/nps/config_pay_nps.php

Http://www.dedecms.com/plus/task/dede-maketimehtml.php
Http://www.dedecms.com/plus/task/dede-optimize-table.php

Http://www.dedecms.com/plus/task/dede-upcache.php

In fact, csdn has also encountered errors, some of which are rare. This is the only prompt, so do not perform further damage.

Http://download.csdn.net/sort/tag/VB

Fatal error: Call to a member function row () on a non-object in

/Data/www/download.csdn.net/application/libraries/SuperModel.php on line 208

Http://download.csdn.net//application/libraries/SuperModel.php
Http://download.csdn.net/sort/tag/flex