<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>I've duckduckgo-ed GET /download.php?file=../.</p>
    <p>This shows up
      <a class="moz-txt-link-freetext" href="https://www.tutorialrepublic.com/php-tutorial/php-file-download.php">https://www.tutorialrepublic.com/php-tutorial/php-file-download.php</a></p>
    <p>There is a download.php example file in it with</p>
    <pre><code class="language-php">$file = urldecode($_REQUEST["file"]); // Decode URL-encoded string
$filepath = "images/" . $file;
</code></pre>
    <p>PHP isn't my language, but nothing here jumps out saying
      "sanitize path".</p>
    <p>How many people can use this example to add download
      functionality to whatever app/site? StackOverflow-style
      programming?</p>
    <p>Maybe it's a good idea to search the system for download.php?</p>
    <div class="moz-cite-prefix">On 2019-12-28 1:49 a.m., Paul Nijjar
      via kwlug-disc wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:20191228064953.GC1207@nb-heartburn">
      <pre class="moz-quote-pre" wrap="">In my Apache logs I saw something like this, and my search-engine
skills are weak: 

133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 

It's pretty obvious what they are trying to do, but I am having
trouble figuring out what the target is, exactly. Is this an exploit
in a popular web package I should know about?

- Paul
</pre>
    </blockquote>
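    <p>An added example, not code from the tutorial or from either message above: the two tutorial lines beside a hardened version of the same lookup. It assumes the downloadable files live in an <code>images/</code> directory next to the script, and the extension allowlist is an assumption of this example rather than anything the tutorial specifies.</p>

```php
<?php
// Added example, not from tutorialrepublic.com or the list thread.
// Assumptions: files to serve live in ./images (a flat directory), and the
// extension allowlist below is ours to choose.

// --- The tutorial's lookup, as quoted in the message (no path restriction) ---
function resolve_unsafe(string $requested): string
{
    $file = urldecode($requested);      // Decode URL-encoded string
    return "images/" . $file;           // "../../etc/passwd" walks out of images/
}

// --- Hardened name check: a pure function, so it is easy to test ---
function sanitize_name(string $requested): ?string
{
    $decoded = urldecode($requested);
    if (strpos($decoded, "\0") !== false) {     // NUL bytes never belong in a name
        return null;
    }
    // basename() discards every directory component, so "../" runs and
    // absolute paths collapse to the last path segment only.
    $name = basename($decoded);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    if (strpbrk($name, "\\/") !== false) {      // no separators may survive
        return null;
    }
    $allowed = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'zip'];   // assumed allowlist
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true) ? $name : null;
}

// --- Filesystem confinement: resolve and verify the real path stays in $baseDir ---
function resolve_safe(string $requested, string $baseDir = __DIR__ . '/images'): ?string
{
    $base = realpath($baseDir);
    $name = sanitize_name($requested);
    if ($base === false || $name === null) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    // realpath() follows symlinks; the prefix check catches a symlink inside
    // images/ that points somewhere outside it.
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Serve the file only when resolution succeeds; otherwise answer 404.
function send_download(string $requested): void
{
    $path = resolve_safe($requested);
    if ($path === null) {
        http_response_code(404);
        exit('File not found.');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for demonstration (not real requests).
    $inputs = ['photo.png', '../../../../etc/passwd', '%2e%2e/%2e%2e/etc/passwd', 'notes.txt'];
    foreach ($inputs as $req) {
        printf("%-28s unsafe -> %-38s sanitized -> %s\n",
            $req, resolve_unsafe($req), sanitize_name($req) ?? 'rejected');
    }
} elseif (isset($_GET['file'])) {
    send_download($_GET['file']);
}
```

    <p>Run as <code>php download_safe.php</code> it prints how each constructed input fares: only <code>photo.png</code> survives <code>sanitize_name()</code>, while the traversal strings collapse to <code>passwd</code> and are then dropped by the extension check. As a web script it serves only files whose resolved real path sits inside <code>images/</code>, which is the check the tutorial's two lines lack.</p>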
  </body>
</html>