The exploit demonstrates a directory traversal vulnerability in PHP File Vault 0.9, allowing remote attackers to read arbitrary world-readable files via the 'sha1' parameter in fileinfo.php. The PoC shows how to traverse directories and access sensitive files like /etc/passwd.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:PHP File Vault version 0.9
No auth needed
Prerequisites:Target application must be running PHP File Vault 0.9 · Fileinfo.php must be accessible