SpawCMS Editor – Arbitrary File Upload

• Exploit Database
• 10 阅读

• 作者： j4ck
  日期： 2010-01-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11045/

• # Author: j4ck
  # j4ck from elitehackers.pl [j4ck.root@gmail.com]
  
  #######
  
  just go to directory
  
  http:/server/[path]/spaw/demo.php
  then use image Upload, select all filetypes, and
  You can upload your evil PHP code, for example phpshell.
  
  Shell will be uploaded to selected directory.