Information provided: Security bulletins (or leads) Hotline: 51cto.editor@gmail.com
Vulnerability Category: Input Confirmation vulnerability
Attack Type: Remote attack
Release Date: 2005-09-20
Update on: 2005-09-20
Affected system: PHP Advanced Transfer Manager 1.x
Safety System: None
Vulnerability Reporter: Rgod
Vulnerability Description: Secunia advisory:sa16867
PHP Advanced Transfer Manager Composite Vulnerability
Rgod has reported some of the vulnerabilities and security issues in PHP Advanced Transfer Manager. A malicious attacker could exploit the vulnerability to compromise system information and some sensitive information, or to perform cross-scripting attacks.
1. The input to the "Current_dir" and "filename" parameters in "txt.php", "htm.php", "html.php" and "zip.php" are not valid until the file is displayed. An attacker exploits a vulnerability to compromise the content of a malicious file through a directory barrier attack.
2. An attacker exploiting the vulnerability by direct access to the "test.php" script may reveal certain PHP configuration settings.
3. The input to the "font", "Normalfontcolor", and "mess[31" parameters in "txt.php" is not valid until feedback is given to the user. When a user browses to an affected network, an attacker exploits the vulnerability to execute malicious HTML code and malicious script code.
Vulnerabilities and security issues were identified in the PHP advanced Transfer Manager 1.30 release, and other versions may also be affected.
Test method: None
Workaround: Edit the code to confirm that the input is valid and restrict access to the "test.php" script.
Program Download: Http://phpatm.free.fr/archive/phpATM_130.zip
http://www.bkjia.com/PHPjc/629815.html www.bkjia.com true http://www.bkjia.com/PHPjc/629815.html techarticle information provided: security bulletin (or lead) Hotline: 51cto.editor@gmail.com Vulnerability Category: Input confirmation vulnerability attack Type: Remote attack release date: 2005-09-20 update Date ...
