Responsive Filemanager 9.8.1 Authentication Bypass

From: yavuz atlas <yavatlas@gmail.com>
To: bugtraq@securityfocus.com,fulldisclosure@seclists.org,bugs@securitytracker.com
Cc:
Subject: Responsive Filemanager 9.8.1 Authentication Bypass
Date:


I. VULNERABILITY
-------------------------
Responsive Filemanager 9.8.1 Authentication Bypass

II. CVE REFERENCE
-------------------------
CVE-2018-18061

III. VENDOR
-------------------------
https://www.responsivefilemanager.com

IV. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-18061

V. CREDIT
-------------------------
Yavuz Atlas of Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari

VI. DESCRIPTION
-------------------------
Responsive Filemanager version 9.8.1 allows remote attackers to bypass
authentication. The vulnerability allows attackers to access file
management interface which gives permission to updload, edit and
delete files.

VII. PROOF OF CONCEPT
-------------------------
http://localhost/filemanager/dialog.php is forbidden. But any value
with secretkey parameter bypass this restriction.

http://localhost/filemanager/dialog.php?secretkey=anything





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.