Exploits / Vulnerability Discovered : 2018-08-27 |
Type : webapps |
Platform : php
This exploit / vulnerability Responsive filemanager < 9.13.4 directory traversal is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
The following vulnerabilities were fixed in the version 9.13.4.
https://responsivefilemanager.com
#1 Path Traversal Allows to Read Any File
Reserved CVE: CVE-2018-15535
Discovered By: Simon Uvarov
Vendor Status: Fixed
Details:
The following request allows a user to read any file on the system.
It is possible to create archives containing ../../ as a part of a file path, now it's famous as ZipSlip vulnerability, but it's an old bug.
It is impossible to upload .php files or .htaccess file using this method, but itas possible to create different files with "legal" extensions on a system and it may lead to remote code execution if a server runs with enough privileges, for example, to create cron jobs.