WebSPELL picture.php file Variable Direct Request Arbitrary File Access

2007-04-05T04:18:23
ID OSVDB:34637
Type osvdb
Reporter OSVDB
Modified 2007-04-05T04:18:23

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target][PATH]/picture.php?file=[FILE]

References:

Secunia Advisory ID: 24712
Related OSVDB ID: 34638
Other Advisory URL: http://milw0rm.com/exploits/3673
CVE-2007-2368