CVE-2018-20629- PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal Vulnerability


# Exploit Title: PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
# Date: 30.12.2018
# Site Title: Charity Donation Script
# Vendor Homepage:
# Software Link:
# Category: Web Application
# Exploit Author: Vikas Chaudhary
# Contact:
# Web:
# Tested on: Windows 10 -Firefox
# CVE-2018-20629.
## VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completion and implementation of numerous projects in various
verticals and domains.. It has 300 plus PHP scripts ready to buy.

## Vulnerability Description => A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.
Proof of Concept:-
1. Go to the site ( ) .
2. Select user demo
3-Open Burpsuit and intercept the data.
4-Now Pick any url contains wp-content ex ( )
5- Now show response in browser and delete the last portion of url (after last / ) Ex-
6- You will get all The file lists

** Also can check it by intruder .**

Myself Vikash Chaudhary, I was interested in general knowledge since childhood, so I thought why not share my knowledge with you, that's why I created this educational blog. I am a Youtuber, Author, Blogger, Trader, Freelancer, and Security Analyst. I have experience of 7 years in Blogging and Trading. I have written 3 books which you can find on this website.Keep Loving and Supporting... Thank you.