CVE Certified
GHDB

filetype:php inurl:"viewfile" -"index.php" -"idfil

prev next

Google search: filetype:php inurl:"viewfile" -"index.php" -"idfil

Hits: 2400

Submited: 2004-06-16

Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt --> will show you the my_howto.txt).An attacker can check for buggy php scripts wich allow you to view any file on the system (with webservers permissions). Try the good, old directory traversal trick: "../../../". You have to know the filename and location, but that's not a big problem (/etc/passwd anyone ?).