打开网址:http://3g.163.com/3gfund/。

    看见下面有个搜索框,在搜索栏里填入任何字符,点击证券搜索,程序将报错。

报错内容如下:

Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /home/deploy/3gstock/php/3g_includes/footer.php on line 1

并爆出绝对路径:
    /home/deploy/3gstock/php/3g_includes/footer.php

漏洞产生原因:
    php.ini 中 date.timezone 未设置准确。

    实际上可能只是一个 Bug …… 可能没啥用处。。。