• info
• discussion
• exploit
• solution
• references

PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability

An exploit is not required.

A GET request in the following manner can be used to exploit this issue:
http://www.example.com/phpATM/users/<username>