Contrived Python PoC Exploit for CVE-2021-45010 (Tiny File Manager < 2.4.7)
```text
usage: main.py [-h] -u URL -l USERNAME -p PASSWORD [-g GUI_PATH] [-r FS_RELPATH]

options:
  -h, --help                            show this help message and exit
  -u URL, --url URL                     Base URL
  -l USERNAME, --username USERNAME      Username
  -p PASSWORD, --password PASSWORD      Password
  -g GUI_PATH, --gui-path GUI_PATH      GUI relative path for upload (default: /)
  -r FS_RELPATH, --fs-relpath FS_RELPATH
                                        Filesystem relative path (from web root) to write to
```
Tiny File Manager checks whether the directory currently shown in the GUI (the relative path) is writable before attempting the upload; only the `fullpath` value appended afterwards goes unchecked. In some cases a writable relative path in the GUI must therefore be found before the directory traversal can be leveraged.
```php
// tinyfilemanager.php (2.4.3)
$targetPath = $path . $ds;
if ( is_writable($targetPath) ) {
    // is_writable() was checked on $targetPath, but the path actually written
    // to is built from the unvalidated request parameter 'fullpath'.
    $fullPath = $path . '/' . $_REQUEST['fullpath'];
    // ...
}
```
If the actual web root is not writable by the running user, specify (with `-r`) the relative path to one that is.
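The confinement step the quoted check lacks, written as an added Python example (this is not code from this PoC or from Tiny File Manager; the web root and directory names are hypothetical): after joining the request's `fullpath` onto the GUI directory, the result is canonicalised and must still lie inside the directory that passed the writability check.

```python
import os


def confine_upload_path(web_root: str, gui_path: str, fullpath: str) -> str:
    """Return the on-disk path an upload may be written to, or raise ValueError.

    Mirrors the quoted concatenation  $path . '/' . $_REQUEST['fullpath']  but
    adds the step the vulnerable code lacks: after joining, the result is
    canonicalised and must still lie inside the GUI directory that passed the
    is_writable() check. Directory names used here are hypothetical.
    """
    if not fullpath or fullpath.startswith(("/", "\\")) or "\x00" in fullpath:
        raise ValueError("upload path must be relative and NUL-free")
    # The directory the GUI displayed and checked with is_writable().
    base = os.path.realpath(os.path.join(web_root, gui_path.strip("/")))
    # realpath() collapses '..' segments, so an escaping path no longer
    # starts with base once resolved.
    candidate = os.path.realpath(os.path.join(base, fullpath))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"upload path {fullpath!r} escapes {base}")
    return candidate


def is_confined(web_root: str, gui_path: str, fullpath: str) -> bool:
    """True when confine_upload_path() accepts the request, False when it rejects."""
    try:
        confine_upload_path(web_root, gui_path, fullpath)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed requests against a hypothetical web root.
    root = "/srv/www/tfm"
    for gui, rel in [("/", "report.txt"), ("/", "docs/../report.txt"),
                     ("/uploads", "../../outside.txt"), ("/", "..")]:
        verdict = "accept" if is_confined(root, gui, rel) else "REJECT"
        print(f"{verdict}: gui={gui} fullpath={rel}")
```

A `..` segment that stays inside the GUI directory is still accepted; only a resolved path that leaves it is refused, which is the property the original `is_writable()` check was implicitly relying on.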
```shell
python3 -m pip install cve_2021-45010-1.0.0-py3-none-any.whl
```