Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability
This is a WebSite physical path leakage vulnerability. The proof of concept (POC) involves visiting the following pages: http://localhost/z-blog//zb_system/admin/admin_footer.php, http://localhost/z-blog//zb_system/admin/admin_header.php, http://localhost/z-blog//zb_system/admin/admin_left.php, http://localhost/z-blog//zb_system/admin/admin_top.php, http://localhost/z-blog//zb_system/function/c_system_admin.php, http://localhost/z-blog//zb_system/function/c_system_misc.php, http://localhost/z-blog//zb_system/function/lib/category.php, http://localhost/z-blog//zb_system/function/lib/comment.php, http://localhost/z-blog//zb_system/function/lib/dbmysql.php, http://localhost/z-blog//zb_system/function/lib/dbmysqli.php, http://localhost/z-blog//zb_system/function/lib/dbpdo_mysql.php, http://localhost/z-blog//zb_system/function/lib/dbpdo_pgsql.php, http://localhost/z-blog//zb_system/function/lib/dbpdo_sqlite.php, http://localhost/z-blog//zb_system/function/lib/dbpgsql.php, http://localhost/z-blog//zb_system/function/lib/dbsqlite.php, http://localhost/z-blog//zb_system/function/lib/dbsqlite3.php, http://localhost/z-blog//zb_system/function/lib/member.php, http://localhost/z-blog//zb_system/function/lib/module.php, http://localhost/z-blog//zb_system/function/lib/networkcurl.php, http://localhost/z-blog//zb_system/function/lib/networkfile_get_contents.php, http://localhost/z-blog//zb_system/function/lib/networkfsockopen.php, http://localhost/z-blog//zb_system/function/lib/post.php, http://localhost/z-blog//zb_system/function/lib/sqlmysql.php, http://localhost/z-blog//zb_system/function/lib/sqlpgsql.php, http://localhost/z-blog//zb_system/function/lib/sqlsqlite.php, http://localhost/z-blog//zb_system/function/lib/tag.php, http://localhost/z-blog//zb_syste
