PHP-Quick-Arcade version 3.0.21 suffers from cross site scripting and remote SQL injection vulnerabilities.
80eff95aaeccf8e9bac10fbf63b2247fcaeebc8effd09df48aa707b05115fb1fPHP Quick Arcade 3.0.21 Multiple Vulnerabilites
-----------------------------------------------------------
#Title: PHP-Quick-Arcade 3.0.21 Multiple Vulnerabilites
#Vendor: https://quickarcade.jcink.com/
-----------------------------------------------------------
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: https://www.itsecteam.com
#Forum : https://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability47.htm
#Thanks: Pejvak,M3hr@n.s,r3dm0v3,am!rkh@n
-----------------------------------------------------------
# POC 1
-----------------------------------------------------------
www.Site.com/Arcade.php
Send Your Query With Cookie => phpqa_user_c
phpqa_user_c= Sql Injection
Can Use tamper data in mozila
-----------------------------------------------------------
# POC 2
-----------------------------------------------------------
This Bug Worked With Register_Global = On
www.Site.com/acpmoderate.php?id=Sql Injection
-----------------------------------------------------------
# POC 3
-----------------------------------------------------------
Cross Site Scripting (XSS)
www.Site.com/acpmoderate.php?serv=Xss Code
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed