CVE-2008-6023
xnova < 0.8 - Remote Code Execution via xnova_root_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-6023. PoCs published by NuclearHaxor.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Xnova (Ogame) due to an undeclared variable (`ugamela_root_path` or `xnova_root_path`) being used in an include statement. The PoC shows how an attacker can inject a remote shell by manipulating the vulnerable parameter.
Description
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Xnova (Ogame) due to an undeclared variable (`ugamela_root_path` or `xnova_root_path`) being used in an include statement. The PoC shows how an attacker can inject a remote shell by manipulating the vulnerable parameter.