Vulnerabilities > CVE-2006-1747 - Unspecified vulnerability in Vwar Virtual WAR 1.5.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN vwar
exploit available
Summary
PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description VWar 1.5 stats.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform id EDB-ID:28356 last seen 2016-02-03 modified 2006-08-07 published 2006-08-07 reporter AG-Spider source https://www.exploit-db.com/download/28356/ title VWar 1.5 stats.php vwar_root Parameter Remote File Inclusion description VWar 1.5 member.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform id EDB-ID:28351 last seen 2016-02-03 modified 2006-08-07 published 2006-08-07 reporter AG-Spider source https://www.exploit-db.com/download/28351/ title VWar 1.5 member.php vwar_root Parameter Remote File Inclusion description VWar 1.5 news.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform id EDB-ID:28355 last seen 2016-02-03 modified 2006-08-07 published 2006-08-07 reporter AG-Spider source https://www.exploit-db.com/download/28355/ title VWar 1.5 news.php vwar_root Parameter Remote File Inclusion description VWar 1.5 calendar.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform id EDB-ID:28352 last seen 2016-02-03 modified 2006-08-07 published 2006-08-07 reporter AG-Spider source https://www.exploit-db.com/download/28352/ title VWar 1.5 calendar.php vwar_root Parameter Remote File Inclusion description VWar 1.5 war.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform id EDB-ID:28350 last seen 2016-02-03 modified 2006-08-07 published 2006-08-07 reporter AG-Spider source https://www.exploit-db.com/download/28350/ title VWar 1.5 war.php vwar_root Parameter Remote File Inclusion description VWar 1.5 joinus.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform id EDB-ID:28354 last seen 2016-02-03 modified 2006-08-07 published 2006-08-07 reporter AG-Spider source https://www.exploit-db.com/download/28354/ title VWar 1.5 joinus.php vwar_root Parameter Remote File Inclusion description VWar 1.5 challenge.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform id EDB-ID:28353 last seen 2016-02-03 modified 2006-08-07 published 2006-08-07 reporter AG-Spider source https://www.exploit-db.com/download/28353/ title VWar 1.5 challenge.php vwar_root Parameter Remote File Inclusion id EDB-ID:1658
References
- http://liz0zim.no-ip.org/vwar.txt
- http://liz0zim.no-ip.org/vwar.txt
- http://marc.info/?l=bugtraq&m=115497619330609&w=2
- http://marc.info/?l=bugtraq&m=115497619330609&w=2
- http://www.blogcu.com/Liz0ziM/431925/
- http://www.blogcu.com/Liz0ziM/431925/
- http://www.securityfocus.com/archive/1/430389/100/0/threaded
- http://www.securityfocus.com/archive/1/430389/100/0/threaded
- http://www.securityfocus.com/bid/17443
- http://www.securityfocus.com/bid/17443
- http://www.securityfocus.com/bid/19387
- http://www.securityfocus.com/bid/19387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28265
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28265
- https://www.exploit-db.com/exploits/1658
- https://www.exploit-db.com/exploits/1658