[VIM] [Fwd: SPAW Editor PHP Edition]

Ferdy Riphagen f.riphagen at nsec.nl
Fri Mar 2 15:14:21 EST 2007

The file mentioned here is only a patch.

img_library,php contains:
// include wysiwyg config
include '../config/spaw_control.config.php';
include $spaw_root.'class/util.class.php';
include $spaw_root.'class/lang.class.php';

With a install you have to rename 
"../config/spaw_control.default.config.php" to 

spaw_control.config.php contains:
// calculate root folder for spaw files
$spaw_root = realpath(dirname(__FILE__)."/..");
$spaw_root = str_replace("\\","/",$spaw_root);
if (!ereg('/$', $spaw_root))
  $spaw_root = $spaw_root."/";

The patch is for the "zend_hash_del_key_or_index" vulnerability by using 
the hashes for "spaw_imglib_include" (-86707544, -411170602)


-------- Original Message --------

Remote IInclude File : SPAW Editor PHP Edition upgrade version 1.2.3 to 1.2.4

Discovered By : Hasadya Raed
Contact Me : RaeD[at]BsdMail[dot]Com
Download Script:

B.File :img_library.php :
include $spaw_root.'class/util.class.php'; 
include $spaw_root.'class/lang.class.php'; 



By Hasadya Raed

Get your free email from http://bsdmail.com

More information about the VIM mailing list