This bug was discovered by Status-x: http://www.securityfocus.com/bid/13637/info and the exploit is by nikyt0x: http://www.soulblack.com.ar/repo/tools/sbwebapp.txt