saetv2.ex.class.php,Wordpree某插件代码审计不严

访问某站，wordpree系统，浏览器禁用了javascript，发现评论处出网站路径泄露，从wordpree插件下载频道下载此插件，发现问题还很多，请往下看访问http://www.cnluc.com/看文章时，浏览器默认禁用javascript出来下面的效果，有图有真相

原因：comments.php

1

问题二：直接访问该文件：comments.php

原因：第四行

$pinglunla_seo = get_option("pinglunla_seo", 0);

1

$pinglunla_seo=get_option("pinglunla_seo",0);

变量get_option()没有被声明贴出这万恶的文件代码：

include_once(dirname(__FILE__)."/pinglunla-utils.php");$pinglunla_seo = get_option("pinglunla_seo", 0);

$webpage_url = "http://".PLL_URL."/comment_box/plugin/get_comments?url=".urlencode(pinglunla_cur_page_url());?>

if($pinglunla_seo == 1) {

echo file_get_contents($webpage_url);

}

?>

评论啦

1

2

3

4

5

6

7

8

9

10

11

12

13

include_once(dirname(__FILE__)."/pinglunla-utils.php");$pinglunla_seo=get_option("pinglunla_seo",0);

$webpage_url="http://".PLL_URL."/comment_box/plugin/get_comments?url=".urlencode(pinglunla_cur_page_url());?>

if($pinglunla_seo==1){

echofile_get_contents($webpage_url);

}

?>

评论啦

第三个问题：源程序sinaweibo文件夹下index.php

session_start();include_once( 'config.php' );

include_once( 'saetv2.ex.class.php' );

1

2

3

session_start();include_once('config.php');

include_once('saetv2.ex.class.php');

未在文件夹中发现有那个saetv2.ex.class.php，倒是有个saetv2.php贴出某中标网站：http://www.cnluc.com/wp-content/plugins/pinglunla/readme.txthttp://www.cnluc.com/wp-content/plugins/pinglunla/comments.phphttp://www.cnluc.com/wp-content/plugins/pinglunla/sinaweibo/http://www.iamle.com/wp-content/plugins/pinglunla/readme.txt程序下载地址：http://downloads.wordpress.org/plugin/pinglunla.zip