CVE-2008-6022
Xnova - Remote Code Execution via ugamela_root_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-6022. PoCs published by NuclearHaxor.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Xnova (Ogame) due to an undeclared variable (`ugamela_root_path` or `xnova_root_path`) being used in an include statement. The PoC shows how an attacker can inject a remote shell by manipulating the vulnerable parameter.
Description
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Xnova (Ogame) due to an undeclared variable (`ugamela_root_path` or `xnova_root_path`) being used in an include statement. The PoC shows how an attacker can inject a remote shell by manipulating the vulnerable parameter.