
PHP Advanced Transfer Manager Multiple Vulnerabilities

WBOY
2016-07-13 17:08:48

Information provided: Security bulletin (or clue) hotline: 51cto.editor@gmail.com
Vulnerability category: Input validation vulnerability
Attack type: Remote attack
Release date: 2005-09-20
Update date: 2005-09-20
Affected systems: PHP Advanced Transfer Manager 1.x
Unaffected systems: None
Vulnerability reporter: rgod
Vulnerability description: Secunia Advisory: SA16867
PHP Advanced Transfer Manager Multiple Vulnerabilities
rgod has reported some vulnerabilities and security issues in PHP Advanced Transfer Manager. Attackers may exploit them to disclose system information and some sensitive information, or to perform cross-site scripting attacks.
1. Input passed to the "current_dir" and "filename" parameters in "txt.php", "htm.php", "html.php" and "zip.php" is not properly validated before being used to display files. An attacker can exploit this to disclose the contents of arbitrary files through a directory traversal attack.
2. An attacker may disclose certain PHP configuration settings by accessing the "test.php" script directly.
3. Input passed to the "font", "normalfontcolor" and "mess[31]" parameters in "txt.php" is not properly sanitized before being returned to the user. An attacker can exploit this to execute arbitrary HTML and script code in the browser of a user visiting the affected site.
The vulnerabilities and security issues were discovered in PHP Advanced Transfer Manager version 1.30; other versions may also be affected.
Test method: None
Solution: Edit the source code to ensure that input is properly validated, and restrict access to the "test.php" script.
Program download: http://phpatm.free.fr/archive/phpATM_130.zip
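
One way to implement the input checks the solution calls for, as an added example that is not phpATM's own code: the "current_dir" and "filename" values are resolved and confined to the upload directory, and the "font" and "normalfontcolor" values are allow-listed and escaped on output. The UPLOAD_ROOT path, the helper names and the default style values are assumptions.

```php
<?php
// Added example, not phpATM code. UPLOAD_ROOT and the helper names are hypothetical.
const UPLOAD_ROOT = '/var/www/phpatm/files';

/** Resolve current_dir/filename to a real file inside $root, or return null. */
function resolve_inside_root(string $root, string $dir, string $file): ?string
{
    // Reject NUL bytes, and any directory component smuggled into the file name.
    if (strpos($dir . $file, "\0") !== false || $file === '' || $file !== basename($file)) {
        return null;
    }
    $rootReal = realpath($root);
    // realpath() collapses "..", "." and symlinks; it returns false for missing paths.
    $target = realpath($root . '/' . $dir . '/' . $file);
    if ($rootReal === false || $target === false || !is_file($target)) {
        return null;
    }
    // Containment check with a trailing separator, so "/files_backup" is not
    // accepted as a child of "/files".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

/** Accept only a short allow-listed token for presentation parameters. */
function safe_style_token(string $value, string $default): string
{
    return preg_match('/\A[A-Za-z0-9#, -]{1,40}\z/', $value) === 1 ? $value : $default;
}

// Treat array-valued or missing parameters as empty strings.
$get = static fn(string $k): string => is_string($_GET[$k] ?? null) ? $_GET[$k] : '';

$path = resolve_inside_root(UPLOAD_ROOT, $get('current_dir'), $get('filename'));
if ($path === null) {
    http_response_code(404);
    exit('File not found');
}
$font  = safe_style_token($get('font'), 'Verdana');
$color = safe_style_token($get('normalfontcolor'), '#000000');

// Escape on output: validated values, message strings such as mess[31], file contents.
$esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
printf(
    '<pre style="font-family:%s;color:%s">%s</pre>',
    $esc($font),
    $esc($color),
    $esc((string) file_get_contents($path))
);
```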

