Hrsale version 2.0.0 suffers from a local file inclusion vulnerability.
# Exploit Title: Hrsale 2.0.0 - Local File Inclusion
# Date: 10/21/2020
# Exploit Author: Sosecure
# Vendor Homepage: https://hrsale.com/index.php
# Version: version 2.0.0
This exploit allow you to download any readable file from server with out permission and login session.
1. Access to HRsale application and browse to download path with payload
2. Get /etc/passwd