source: https://www.securityfocus.com/bid/58313/info
File Manager is prone to an HTML-injection vulnerability and a local file-include vulnerability.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, steal cookie-based authentication credentials andopenor run arbitrary files in the context of the web server process. Other attacks are also possible.
File Manager 1.2is vulnerable; other versions may also be affected.
Local file-include:<div id="bodyspace"><div id="main_menu"><h1>File Manager</h1></div><div id="main_left"><img src="http://www.example.com/images/wifilogo2.png" alt="" title="" border="0"><ul class="menu"><li class="item-101 current active"><a href="http://www.example.com/" target="_blank">Hilfe</a></li><li class="item-110"><a href="http://www.example.com/index.php/feedback-support" target="_blank">Kontakt / Feedback</a></li></ul></div><div id="module_main"><bq>Files</bq><p><a href="https://www.exploit-db.com/exploits/38363/..">..</a><br><a href="https://www.exploit-db.com/exploits/38363/1234.png.txt.iso.php.asp">1234.png.txt.iso.php.asp</a>(95.8 Kb,2013-02-1107:41:12+0000)<br><a href="https://www.exploit-db.com/exploits/38363/>[UNAUTHORIZED LOCAL FILE/PATH INCLUDE VULNERABILITY]]">[../../>[UNAUTHORIZED LOCAL FILE/PATH INCLUDE VULNERABILITY]]</a>(27.3 Kb,2013-02-1107:45:01+0000)<br /><a href="https://www.exploit-db.com/exploits/38363/About/">About/</a>(0.1 Kb,2012-10-1018:20:14+0000)<br /></p><form action="" method="post" enctype="multipart/form-data" name="form1"id="form1"><label>upload file<inputtype="file" name="file"id="file"/></label><label><inputtype="submit" name="button"id="button" value="Submit"/></label></form></div></center></body></html></iframe></a></p></div></div>
HTML-injection :<div id="bodyspace"><div id="main_menu"><h1>File Manager</h1></div><div id="main_left"><img src="http://www.example.com/images/wifilogo2.png" alt="" title="" border="0"><ul class="menu"><li class="item-101 current active"><a href="http://www.example.com/" target="_blank">Hilfe</a></li><li class="item-110"><a href="http://www.example.com/index.php/feedback-support" target="_blank">Kontakt / Feedback</a></li></ul></div><div id="module_main"><bq>Files</bq><p><a href="https://www.exploit-db.com/exploits/38363/..">..</a><br><a href="https://www.exploit-db.com/exploits/38363/[PERSISTENT INJECTED SCRIPT CODE!].png.txt.iso.php.asp">[PERSISTENT INJECTED SCRIPT CODE!].png.txt.iso.php.asp</a>(95.8 Kb,2013-02-1107:41:12+0000)<br><a href="https://www.exploit-db.com/exploits/38363/[PERSISTENT INJECTED SCRIPT CODE!]">[PERSISTENT INJECTED SCRIPT CODE!]</a>(27.3 Kb,2013-02-1107:45:01+0000)<br /><a href="https://www.exploit-db.com/exploits/38363/About/">About/</a>(0.1 Kb,2012-10-1018:20:14+0000)<br /></p><form action="" method="post" enctype="multipart/form-data" name="form1"id="form1"><label>upload file<inputtype="file" name="file"id="file"/></label><label><inputtype="submit" name="button"id="button" value="Submit"/></label></form></div></center></body></html></iframe></a></p></div></div>
