RedTeam Discovers 0-day in FileThingie Web App


RedTeam Discovers Access Violation Vulnerability in File Thingie Web-based File Manager

Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a security vulnerability in File Thingie version 2.5.5. File Thingie is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks may also be possible.

Jeremiah has developed proof-of-concept code for this vulnerability in PHP. It overwrites the ft2.php source code with a "backdoored" copy of the application that disables many of the implemented security controls.

This 0-day has been published by the Exploit Database, SecurityFocus and Packet Storm Security among others.

Published Exploit
* Security Focus: 40186
* Exploit DB: 12617




DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.

