漏洞描述
该漏洞是由于备份文件(如settings.php.bak、settings.php.old等)未被正确保护,导致敏感信息(如数据库名称、数据库连接信息等)可能被泄露。攻击者可以通过访问这些备份文件获取敏感信息,从而进一步攻击目标系统。
php-files / 信息泄露漏洞
PoC代码
暂无相关漏洞推荐
- Langflow /api/v1/files/profile_pictures/../langflow.db 目录遍历漏洞
- 新中大ERP企业管理软件 /filesrv/NGInterface/Index SQL 注入漏洞
- POC generic-php-files: Generic PHP Backup Information Disclosure
- Progress Chef Automate /api/v0/compliance/profiles/search SQL 注入漏洞(CVE-2025-8868)
- Dify /console/api/remote-files/upload 服务器端请求伪造漏洞
- hikvision-files-upload: Hikvision Files Upload
- backup-files: Compressed Backup File - Detect
- POC CVE-2007-4504: Joomla! RSfiles <=1.0.2 - Local File Inclusion
- POC CVE-2021-40875: Gurock TestRail Application files.md5 Exposure
- POC CVE-2015-8399: Atlassian Confluence configuration files read
- POC gcloud-filestore-deletion-protection-disabled: Filestore Instance Deletion Protection Not Enabled
- POC gcloud-filestore-no-backups: Filestore Instance Not Using On-Demand Backup
- POC gcloud-filestore-no-cmek: Filestore Instance Not Using Customer-Managed Encryption Keys