Google Search: “Powered by PHPFM” filetype:php -username
murfie rates this entry 4 out of 10.
Submitted: 2004-07-12 10:56:56
Added by: murfie
PHPFM is an open source file manager written in PHP. It is easy to set up for a beginner, but still easy to customize for the more experienced user. The built-in login system makes sure that only people with the right username and password gain access to PHPFM; however, you can also choose to disable the login system and use PHPFM for public access. It can currently: create, rename and delete folders; create, upload, rename, download and delete files; edit text files; view image files; sort files by name, size, permissions and last modification date, both ascending and descending; communicate in more languages. This search finds those “public” versions of PHPFM. An attacker can use them to manage his own files (phpshell anyone?). PS: thanks to j0hnny for the public access angle :)
2004-07-18 07:24:25 (murfie): Seems there are still some false positives in this search, so ignore br.armorama.com. Also, not every site lets you upload (just download enabled).
2004-07-18 07:36:35 (Anonymous): It seems PHPFM has some sort of protection, you can’t just upload .php files :(
“Uploading phpshell.php [FAILED!]”..