PHP Quick Arcade 3.0.21 Multiple Vulnerabilities
-----------------------------------------------------------
#Title: PHP-Quick-Arcade 3.0.21 Multiple Vulnerabilities
#Vendor: http://quickarcade.jcink.com/
-----------------------------------------------------------
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability47.htm
#Thanks: Pejvak,M3hr@n.s,r3dm0v3,am!rkh@n
-----------------------------------------------------------
# POC 1
-----------------------------------------------------------
www.Site.com/Arcade.php
Send your query with the cookie => phpqa_user_c
phpqa_user_c= SQL Injection
You can use Tamper Data in Mozilla
-----------------------------------------------------------
# POC 2
-----------------------------------------------------------
This bug works with register_globals = On
www.Site.com/acpmoderate.php?id=SQL Injection
-----------------------------------------------------------
# POC 3
-----------------------------------------------------------
Cross Site Scripting (XSS)
www.Site.com/acpmoderate.php?serv=XSS Code
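A log check for the three entry points listed above, as an added example that is not part of the original advisory or of PHP Quick Arcade. It assumes an Apache "combined" access log extended with a final quoted %{Cookie}i field; the sample lines, the SUSPICIOUS pattern and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Heuristic: characters and keywords that an id, a user-name cookie or a
# "serv" value should never need but SQL injection and XSS probes do.
SUSPICIOUS = re.compile(r"""['"<>;()]|--|/\*|\b(union|select|script)\b""", re.I)

# Assumed layout: Apache "combined" format plus a final quoted %{Cookie}i field.
LINE = re.compile(r'"(?:GET|POST) (?P<url>\S+) [^"]*" \d{3} .* '
                  r'"(?P<cookie>(?:[^"\\]|\\.)*)"$')

def cookie_value(header, name):
    """Return the URL-decoded value of one cookie, or None if absent."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return unquote(value)
    return None

def findings(line):
    """Return (advisory item, field, decoded value) tuples for one log line."""
    m = LINE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("url"))
    script = url.path.rsplit("/", 1)[-1].lower()
    query = parse_qs(url.query, keep_blank_values=True)
    hits = []
    user = cookie_value(m.group("cookie"), "phpqa_user_c")
    if script == "arcade.php" and user and SUSPICIOUS.search(user):
        hits.append(("POC 1", "cookie phpqa_user_c", user))
    if script == "acpmoderate.php":
        for poc, field in (("POC 2", "id"), ("POC 3", "serv")):
            for value in query.get(field, []):
                if SUSPICIOUS.search(value):
                    hits.append((poc, field, value))
    return hits

# Constructed sample lines (documentation addresses, harmless probe values).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /Arcade.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "phpqa_user_c=alice"',
    '192.0.2.66 - - [01/Jan/2010:10:00:05 +0000] "GET /Arcade.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "phpqa_user_c=alice%27"',
    '192.0.2.66 - - [01/Jan/2010:10:00:09 +0000] "GET /acpmoderate.php?id=1%27&serv=%3Cb%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0" "-"',
    '192.0.2.10 - - [01/Jan/2010:10:01:00 +0000] "GET /acpmoderate.php?id=12&serv=main HTTP/1.1" 200 812 "-" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(findings(line))
```

With register_globals = On, PHP also fills variables such as id from POST bodies and cookies, so a check limited to the query string does not cover every route into POC 2.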