There is a files vulnerability that can be downloaded Arbitrary files

Although there are file directory restriction,but obviously it can be bypassed. 

poc:  
we can visit this url  and download any file.for example,we can get config.php
![3](https://user-images.githubusercontent.com/43108927/51886178-a54a0100-23c9-11e9-8596-8ae3059ff681.png)
So,the configuration information we got:

![4](https://user-images.githubusercontent.com/43108927/51886356-8304b300-23ca-11e9-86ac-a87915107333.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is a files vulnerability that can be downloaded Arbitrary files #13

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

There is a files vulnerability that can be downloaded Arbitrary files #13

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions