.. / CVE-2018-6910

Exploit for DedeCMS 5.7 - Path Disclosure (CVE-2018-6910)

Description:

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php

Nuclei Template

View the template here CVE-2018-6910.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-6910.yaml
Copy

References:

https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md
https://nvd.nist.gov/vuln/detail/CVE-2018-6910
https://github.com/0ps/pocassistdb
https://github.com/zhibx/fscan-Intranet
https://kongxin.gitbook.io/dedecms-5-7-bug/