SpawCMS Editor - Arbitrary File Upload

EDB-ID:

11045

CVE:

N/A

Author:

j4ck

Type:

webapps

Platform:

PHP

Published:

2010-01-06

# Author: j4ck
# j4ck from elitehackers.pl [j4ck.root@gmail.com]

#######

just go to directory

http:/server/[path]/spaw/demo.php
then use image Upload, select all filetypes, and
You can upload your evil PHP code, for example phpshell.

Shell will be uploaded to selected directory.