Directory Listing and LFI at


On October 7, 2021, I discovered a vulnerability called LFI via File Download in This is a very critical vulnerability that can use this vulnerability to identify the directory structure using the Directory Listing vulnerability and click all files including system main files, server configuration files, and source codes.

Platform(s) Affected


The attack vector existed in the URL above

How to find and exploit

Not authorized

Proof of Concept

Not authorized