DoorGets CMS 7.0 Open Redirect

DoorGets CMS version 7.0 suffers from an open redirect vulnerability.

MD5 | 1bcf47aa92dd9245470a475367ee8161

# Title: Open Redirect DoorGets CMS
# Version: 7.0
# vendor:
# Tested on: Windows 64-bit
# Author: Rudra Sarkar (@rudr4_sarkar)
# CVE: 2016-3726

1. Affected Param back=
2. Full URL
3. Go to login page you will get this type of URL
4. Now time for Redirect
5. Change the back= parm URL
6. Evil URL Like i encode the special charecter.
7. Now enter the URL in browser and press enter you will see login page.
8. Now Login using your email password
9. You will redirected to

# Timeline
18-06-17: Reported to the vendor
28-06-17: No reply from vendor
01-07-17: Assigned CVE-2016-3726

Related Posts