Categories: Breaking NewsHacking

Disclosed critical vulnerabilities affecting the PHP file Manager

PHP File Manager was affected by several critical vulnerabilities for nearly 5 years, according to the security consultant Sijmen Ruwhof.

In July 2010 Ruwhof was looking for a web base file manager that he could use in his own web server when he came across with PHP file Manager.

At the time, he found out that the product had several critical vulnerabilities that could be easily exploited.

“After looking at it, I did some shocking findings which I’ll disclose in this article. This commercial off the shelf software product contains several critical security vulnerabilities that can be easily unauthenticated remotely exploited. On top of that, it even includes a poorly secured backdoor, leaving this web based file manager completely open.” states Sijmen Ruwhof.

Sijmen Ruwhof tried 3 times to get in touch with Revived Wire Media( the owner of PHP file Manager) without success, so he choose to disclose the security issues to the public.

Known companies as Eneco, Nintendo, Danone, Nestle, Loreal, EON, Siemens, Vattenfall, Oracle, Oxford, Hilton, T-mobile, CBS, UPC, 3M, etc. etc. are exposed to cyber attacks because they currently are using the product.

Here are some of the bugs he discovered in the PHP file Manager:

  • Built-in backdoor, that could be exploited to gain access to the PHP file manager.
  • Knowledge of the username that gives access to the software (in the first line of the DB that is text-based).
  • The DB is downloadable by using any web browser.
  • Cache containing sensitive information such as usernames and password hashes.

”Password hashes stored in the user database are unsalted and are generated via the deprecated MD5 hash algorithm. Most of these hashes can be instantly reverted back to their original password via online MD5 reversing services,” Ruwhof wrote Monday in a post to Full Disclosure.

Besides all this, the software doesn’t have any password policy, suffers from cross-site scripting and cross-site request forgery vulnerabilities, it’s vulnerable to brute-force attacks, and stores PHP session files in the web root.

5 years it is a lot of time, and it should be enough to fix all these vulnerabilities, anyway it is uncertain if Revived Wire Media will fix all the vulnerabilities in the future because it looks like PHP File Manager haven’t been updated in the last 4 years.

Enjoy the detailed analysis published by Ruwhof.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs –  PHP File Manager,  hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Black Basta ransomware gang hit BT Group<gwmw style="display:none;"></gwmw>

BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a…

8 hours ago

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Germany's largest crime marketplace, Crimenetwork, has been shut down, and an administrator has been arrested.…

10 hours ago

Veeam addressed critical Service Provider Console (VSPC) bug

Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers…

15 hours ago

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks…

20 hours ago

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls…

23 hours ago

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited…

1 day ago

This website uses cookies.