Release date:
Updated on: 2013-06-19
Affected Systems:
Sourceforge Simple File Manager v.024
Sourceforge Simple File Manager
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60579
Simple File Manager is a Web-based File management program.
Simple File Manager 0.24 has a security vulnerability. Attackers can exploit this vulnerability to bypass security restrictions and access the management panel.
<* Source: Chako
Link: http://www.exploit-db.com/exploits/26246/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.target _ example.com/fm.php? U = [UserName]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sourceforge
-----------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://onedotoh.sourceforge.net/