DoorGets CMS 7.0 Open Redirect

Posted on 04 July 2017

# Title: Open Redirect DoorGets CMS # Version: 7.0 # vendor: https://github.com/doorgets/doorGets/ # Tested on: Windows 64-bit # Author: Rudra Sarkar (@rudr4_sarkar) # CVE: 2016-3726 1. Affected Param back= 2. Full URL http://127.0.0.1/dg-user/?controller=authentification&back=http%3A%2F%2Fexploitlab.ex%2F 3. Go to login page you will get this type of URL 4. Now time for Redirect 5. Change the back= parm URL http://exploitlab.ex/dg-user/?controller=authentification&back=http%3a%2f%2fevil.com%2f 6. Evil URL Like http://evil.com/ i encode the special charecter. 7. Now enter the URL in browser and press enter you will see login page. 8. Now Login using your email password 9. You will redirected to http://evil.com # Timeline 18-06-17: Reported to the vendor 28-06-17: No reply from vendor 01-07-17: Assigned CVE-2016-3726

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20