document dowload
Right to open the file in a new tab:
Observe the code behind it issued he did not do any protection directly to get to the strings together we can construct a complete download url download file:
http://192.168.0.105/pikachu/vul/unsafedownload/execdownload.php?filename=../../../inc/config.inc.php
This put the sensitive files can be downloaded locally: