
Vulnerability Description => The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
< < < How to Exploit > > >
1. Go to Medical Store Script site ( http://phpecommercescript.com/demo/medicalshop/)
β β β β

2. Open Burpsuit then intercept and spider the data.
β β β β

3. Now use the burp search option and search jpg or png
β β β β

4. Now pick any link and select show response in the browser
β β β β

5. Then delete the last part of URL [after last forward slash] (http://phpecommercescript.com/demo/medicalshop/wp-content/uploads/2016/10/about-cont-1170×400.jpg)
β β β β

6. You will get all The file lists (Directory listing)
β β β β

*** Also can check it by copy any picture URL and remove last part. ***

Leave a Reply