Comscripts Quick Classifieds 'DOCUMENT_ROOT'多个远程文件包含漏洞

Quick Classifieds是简单应用的广告管理工具软件。

ComScripts TEAM Quick Classifieds 1.0版本存在多个PHP远程文件包含漏洞。攻击者可以借助到controlcenter/中的(1)index.php3, (2) locate.php3, (3)search_results.php3, (4)classifieds/index.php3,和(5)classifieds/view.php3; (6)index.php3, (7)manager.php3, (8) pass.php3, (9)remember.php3 (10)sign-up.php3, (11 update.php3, (12 userSet.php3和(13)verify.php3；controlpannel/中的(14) alterCats.php3, (15)alterFeatured.php3, (16)alterHomepage.php3, (17)alterNews.php3, (18)alterTheme.php3, (19)color_help.php3,(20) createdb.php3, (21)createFeatured.php3, (22)createHomepage.php3,(23)createL.php3, (24)createM.php3, (25)createNews.php3, (26) createP.php3, (27)createS.php3, (28)createT.php3, (29)index.php3,(30)mailadmin.php3, (31)setUp.php3; (32)include/sendit.php3；(33) include/sendit2.php3; (34)include/adminHead.inc, (35)include/usersHead.inc和(36)style/default.scheme.inc的DOCUMENT_ROOT参数，执行攻击。