Although there is a file directory restriction, it can obviously be bypassed.
PoC:

We can visit this URL and download any file. For example, we can get config.php.
So, the configuration information we got: