WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
BID:23348
Info
WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
| Bugtraq ID: | 23348 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2007 12:00AM |
| Updated: | Apr 09 2007 09:12PM |
| Credit: | Trex is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
webSPELL webSPELL 4.1.2 webSPELL webSPELL 4.1.1 webSPELL webSPELL 4.1 webSPELL webSPELL 4.0 |
| Not Vulnerable: | |
Discussion
WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
WebSPELL is prone to multiple local file-include vulnerabilities because the application fails to adequately sanitize user-supplied input.
Exploiting these issues may allow an attacker to access potentially sensitive information that may aid in further attacks.
WebSPELL 4.01.02 and prior versions are vulnerable.
WebSPELL is prone to multiple local file-include vulnerabilities because the application fails to adequately sanitize user-supplied input.
Exploiting these issues may allow an attacker to access potentially sensitive information that may aid in further attacks.
WebSPELL 4.01.02 and prior versions are vulnerable.
Exploit / POC
WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
http://www.example.com/picture.php?id=../../../[FILE]%00
http://www.example.com/picture.php?file=../../../[FILE]%00
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
http://www.example.com/picture.php?id=../../../[FILE]%00
http://www.example.com/picture.php?file=../../../[FILE]%00
Solution / Fix
WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
Solution:
The vendor has released a patch and an updated version 4.01.02 to address these issues. Please see the references for more information.
webSPELL webSPELL 4.0
webSPELL webSPELL 4.1
webSPELL webSPELL 4.1.1
webSPELL webSPELL 4.1.2
Solution:
The vendor has released a patch and an updated version 4.01.02 to address these issues. Please see the references for more information.
webSPELL webSPELL 4.0
-
webSPELL webspell 4.01.02 (latest)
http://cms.webspell.org/download.php?fileID=18
webSPELL webSPELL 4.1
-
webSPELL webspell 4.01.02 (latest)
http://cms.webspell.org/download.php?fileID=18
webSPELL webSPELL 4.1.1
-
webSPELL webspell 4.01.02 (latest)
http://cms.webspell.org/download.php?fileID=18
webSPELL webSPELL 4.1.2
-
webSPELL security fixes for 4.01.02
http://cms.webspell.org/download.php?fileID=20 -
webSPELL webspell 4.01.02 (latest)
http://cms.webspell.org/download.php?fileID=18
References
WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
References:
References:
- Vendor Home Page (webSPELL)