PHP Advanced Transfer Manager multiple vulnerabilities

Information provided: security bulletin (or clue) provide hotline: 51cto.editor@gmail.com
Vulnerability Category: Enter a confirmation vulnerability
Attack Type: Remote attack
Release Date: 2005-09-20
Renew Date: 2005-09-20
Affected systems: PHP Advanced Transfer Manager 1.x
Security system: None
Vulnerability Speaker: Rgod
Vulnerability Description: Secunia advisory:sa16867
PHP Advanced Transfer Manager Composite Vulnerability
Rgod has reported some vulnerabilities and security issues in the PHP Advanced Transfer Manager. A malicious attacker could exploit a vulnerability that could reveal system information and sensitive information, and might also perform a cross script attack.
1. The input for the "Current_dir" and "filename" parameters in "txt.php", "htm.php", "html.php" and "zip.php" is not valid until the file is displayed. An attacker exploits vulnerabilities to reveal the contents of a malicious file through a directory-barrier attack.
2. An attacker exploiting vulnerabilities could reveal certain PHP configuration settings by accessing the "test.php" script directly.
3. The input of "font", "Normalfontcolor" and "mess[31" parameters in "txt.php" is not valid until feedback is given to the user. When a user browses to an affected network, an attacker exploits the vulnerability to execute malicious HTML code and malicious scripting code.
Vulnerabilities and security issues are found in the PHP Advanced Transfer Manager version 1.30, and other versions may also be affected.
Test method: None
Workaround: Edit the code to confirm that the input is valid and restrict access to the "test.php" script.
Program Download: Http://phpatm.free.fr/archive/phpATM_130.zip