打开网址:http://3g.163.com/3gfund/。
看见下面有个搜索框,在搜索栏里填入任何字符,点击证券搜索,程序将报错。
报错内容如下: Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /home/deploy/3gstock/php/3g_includes/footer.php on line 1 |
并爆出绝对路径:
/home/deploy/3gstock/php/3g_includes/footer.php
漏洞产生原因:
php.ini 中 date.timezone 未设置准确。
实际上可能只是一个 Bug …… 可能没啥用处。。。