The exploit demonstrates a file enumeration vulnerability in DzSoft PHP Editor v4.2.7 by bypassing access controls using HEAD requests with directory traversal sequences. It includes functional Python code to enumerate files outside the webroot.
Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: DzSoft PHP Editor v4.2.7
No auth needed
Prerequisites: DzSoft built-in web server running · REMOTE_HOST/REMOTE_ADDR set to a non-localhost IP