CVE-2006-1584

Warcraft III Replay Parser for PHP <1.8c - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1584. PoCs published by botan.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Warcraft III Replay Parser for PHP 1.8c, allowing arbitrary remote file inclusion and execution of malicious PHP code. The example URL demonstrates how an attacker could exploit this by including a remote file with a command execution payload.

Description

Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by botan · textwebappsphp

https://www.exploit-db.com/exploits/27537

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in Warcraft III Replay Parser for PHP 1.8c, allowing arbitrary remote file inclusion and execution of malicious PHP code. The example URL demonstrates how an attacker could exploit this by including a remote file with a command execution payload.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Warcraft III Replay Parser for PHP 1.8c

No auth needed

Prerequisites: A vulnerable version of Warcraft III Replay Parser for PHP · Ability to host a malicious PHP file on a remote server · Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →