CVE-2018-20643-vikas-chaudhary

CVE-2018-20643- PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal


*******************************************
# Exploit Title: PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
# Date: 30.12.2018
# Site Title : JOB SITE (Job Portal)
# Vendor Homepage: https://www.phpscriptsmall.com/
#Vendor Software: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
# Software Link: http://freelancewebdesignerchennai.com/demo/job-portal/
# Category: Web Application
# Version: 3.0.1
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 -Firefox ,
# CVE-2018-20643.
********************************************

## VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completion and implementation of numerous projects in various
verticals and domains.. It has 300 plus PHP scripts ready to buy.

## Vulnerability Description => A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.
**********************************************

——————————————
Proof of Concept:-
——————————————
1. Go to the site ( http://freelancewebdesignerchennai.com/demo/job-portal/ ) .
2- Click on REGISTER page (Register now) .
3- Register by giving you name ,mail and soo on…
4- Verify your mail
5- Come to side and login using your verified mail
6 -When you Logged in
7- Spider the Host Through Burpsuit .
8-Copy and URL having image or any Script – Ex- http://freelancewebdesignerchennai.com/demo/job-portal/assets/images/glasses.png
9 Now Erase the url from last You will find all the Directory and Source code . Ex- http://freelancewebdesignerchennai.com/demo/job-portal/assets/
10- Also can do it Through using payload list of File folder Disclosure.

Comment Please