CVE-2018-20630: PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has a directory traversal vulnerability


************************************************
# Exploit Title: PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
# Date: 30.12.2018
# Site Title : Advance Crowdfunding Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: http://ordermanagementscript.com/demo/bettervest-clone/
# Category: Web Application
# Version: 2.0.3
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 - Firefox
# CVE: CVE-2018-20630
************************************************
Proof of Concept:
--------------------
1. Go to the site (http://ordermanagementscript.com/demo/bettervest-clone/).
5. Open Burp Suite and intercept the data.
6. Now pick any URL that contains wp-content, e.g. http://ordermanagementscript.com/demo/bettervest-clone/uploads/success_logo/supporter_58dd267c8514d.jpg
7. Now show the response in the browser and delete the last portion of the URL (after the last /), e.g. http://ordermanagementscript.com/demo/bettervest-clone/uploads/project_documents/
8. You will get all the file lists.
** You can also check it with Intruder. **
************************************************
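
For auditing your own deployment for the condition described above, the following added example (not part of the original advisory or the vendor's code) derives the ancestor directories of an asset URL and flags any whose response body is a server-generated index. The function names, the `shop.example` host and the sample responses are constructed for illustration, and the signatures assume the default Apache, nginx and IIS listing pages.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Markers of auto-generated listings: Apache and nginx emit "Index of /path",
# IIS directory browsing emits a "[To Parent Directory]" link.
INDEX_SIGNATURES = [
    re.compile(r"<title>\s*Index of /", re.I),
    re.compile(r"<h1>\s*Index of /", re.I),
    re.compile(r"\[To Parent Directory\]", re.I),
]

def parent_directories(url):
    """Return every ancestor directory URL of a file URL, deepest first."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s][:-1]  # drop the file name
    dirs = []
    while segments:
        path = "/" + "/".join(segments) + "/"
        dirs.append(urlunsplit((parts.scheme, parts.netloc, path, "", "")))
        segments.pop()
    return dirs

def is_directory_listing(status, body):
    """True when a 200 response body looks like a server-generated index."""
    return status == 200 and any(sig.search(body) for sig in INDEX_SIGNATURES)

def audit(asset_url, responses):
    """Flag ancestor directories of asset_url that return a listing.

    `responses` maps URL -> (status, body); fetching is left to the caller.
    """
    return [d for d in parent_directories(asset_url)
            if d in responses and is_directory_listing(*responses[d])]

# Constructed sample data for a hypothetical site, not captured traffic.
SAMPLE_ASSET = "https://shop.example/app/uploads/project_documents/report.pdf"
SAMPLE_RESPONSES = {
    "https://shop.example/app/uploads/project_documents/": (
        200,
        "<html><head><title>Index of /app/uploads/project_documents</title></head>"
        "<body><h1>Index of /app/uploads/project_documents</h1></body></html>"),
    "https://shop.example/app/uploads/": (403, "<h1>Forbidden</h1>"),
    "https://shop.example/app/": (200, "<html><title>Crowdfunding</title></html>"),
}

if __name__ == "__main__":
    for url in audit(SAMPLE_ASSET, SAMPLE_RESPONSES):
        print("directory listing exposed:", url)
```

A flagged directory is closed by turning off generated indexes for it, for example `Options -Indexes` on Apache or `autoindex off;` on nginx.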