# Exploit Title: SpawCMS Shell Upload Voulerability
# Date: 6.10.2010
# Author: j4ck
# Software Link: http://www.solmetra.com/spaw/
# Version: All Versions
# Tested on: *
# CVE : -
# Code :
# j4ck from elitehackers.pl [j4ck.root@gmail.com]

#######

just go to directory

http:/[somesite.com]/[path]/spaw/demo/demo.php
then use image Upload, select all filetypes, and
You can upload your evil PHP code, for example phpshell.

Shell will be uploaded to selected directory.