cve/2018/CVE-2018-14728.md

CVE-2018-14728

Description

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.

POC

Reference

• http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html
• http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html
• https://www.exploit-db.com/exploits/45103/
• https://www.exploit-db.com/exploits/45103/

Github

• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/Elsfa7-110/kenzer-templates
• https://github.com/d4n-sec/d4n-sec.github.io
• https://github.com/merlinepedra/nuclei-templates
• https://github.com/merlinepedra25/nuclei-templates
• https://github.com/sobinge/nuclei-templates