# CVE-2022-46604 – Responsive File Manager
> ⚠️ **Disclaimer**
> This repository is intended strictly for educational and research purposes only.
> The information and code provided here can be used in controlled environments such as private lab machines.
> **Unauthorized use of this code against systems you do not own or have explicit permission to test is illegal and unethical.**
> The author is not responsible for any misuse or damage resulting from this material.
---
## 🔍 About the Vulnerability
**CVE-2022-46604** is a vulnerability in **Responsive File Manager**, a file management plugin often integrated into web applications and content management systems. It affects **version 9.13.4**, where insufficient input validation of the `path` parameter allows unauthenticated users to perform **directory traversal** and read files on the server outside the managed directory.
According to the [National Vulnerability Database (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2022-46604), the issue has a **CVSS v3 base score of 7.5** (High), as it enables unauthorized access to files outside the intended web directory. Successful exploitation can lead to the exposure of configuration files, credentials, or other sensitive data.
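The root cause described above is a path built from the caller's `path` value without confining the result to the managed directory. The following is an added example (not code from this repository or from Responsive File Manager) that shows that pattern as a minimal vulnerable join next to a hardened resolver; the function names, the `/var/www/uploads` base directory and the sample inputs are assumptions made for illustration.

```python
"""Added example: the path-validation failure class behind CVE-2022-46604,
as a vulnerable join beside a hardened resolver. Names and the base
directory are illustrative assumptions, not the product's own code."""
import os
from urllib.parse import unquote

# Assumed managed directory; the real product's upload directory may differ.
BASE_DIR = "/var/www/uploads"


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """Insufficient validation: the caller-supplied value is only stripped of a
    leading slash and joined onto the managed directory, so '../' segments
    walk out of base_dir. normpath is applied only to make the escape visible."""
    return os.path.normpath(os.path.join(base_dir, user_path.lstrip("/")))


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Canonicalise both sides and require the result to stay inside base_dir.

    Rejects NUL bytes up front, decodes percent-encoding (twice, so a
    double-encoded value cannot slip past a check that runs before the web
    server's own decoding), resolves symlinks and '..' with realpath, and then
    compares the canonical result against the canonical base. Raises
    ValueError for anything that escapes; returns the canonical path otherwise.
    """
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    decoded = unquote(unquote(user_path))
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    # commonpath is a prefix check on path components, so 'uploads-other'
    # is not mistaken for a child of 'uploads'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes managed directory: {user_path!r}")
    return candidate


def is_allowed(base_dir: str, user_path: str) -> bool:
    """Boolean wrapper around safe_resolve for callers that only need a verdict."""
    try:
        safe_resolve(base_dir, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: benign names, an in-directory '..', and escapes.
    for value in ["docs/report.pdf", "docs/../report.pdf", "/docs/report.pdf",
                  "../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{value!r:32} vulnerable -> {vulnerable_resolve(BASE_DIR, value)}"
              f"   safe -> {'allowed' if is_allowed(BASE_DIR, value) else 'REJECTED'}")
```

Note that the hardened resolver does not simply reject any value containing `..`: `docs/../report.pdf` still resolves inside the base directory and is accepted, while anything whose canonical form lands outside it is refused regardless of how the dots were encoded.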
### 📚 References
- [NVD – CVE-2022-46604](https://nvd.nist.gov/vuln/detail/CVE-2022-46604)
- [ExploitDB Entry – 49359](https://www.exploit-db.com/exploits/49359)
- [Responsive File Manager Official Site](https://www.responsivefilemanager.com/)
---
## 🛠 Exploit Overview
This repository includes a **modified version** of the public exploit from ExploitDB (ID 49359) to enhance its usability.
### What Was Modified
- The original script was updated to automatically retrieve the **PHPSESSID** cookie if available in the HTTP response.
- If automatic retrieval fails, the script allows users to manually input the session cookie to proceed.
- The output was cleaned up and made more readable for better demonstration and testing purposes.
---
## 🚀 Demonstration
Target File Manager Interface:
`http://[URL]/filemanager/`
### Interface Screenshot
![Interface Screenshot](img/file_manager.png)
### Version Screenshot
![Version Screenshot](img/file_manager_version.png)
---
## 🧪 Exploit Usage
Save the exploit script as `exploit.py` and run it with the following syntax:
```bash
python3 exploit.py [URL] [path]
# Example:
python3 exploit.py http://192.168.117.145 /etc/passwd
```

Check out the detailed walkthrough and theory on my Medium post:
👉 [Read the blog on Medium](https://medium.com/cyberquestor/️-cve-2022-46604-exploring-a-path-traversal-vulnerability-in-responsive-file-manager-50d7ab5826ad)