filetype:php inurl:"viewfile" -"index.php" -"idfil

GHDB-ID:

289

Author:

anonymous

Google Dork Description:

filetype:php inurl:"viewfile" -"index.php" -"idfil

Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt --> will show you the my_howto.txt).An attacker can check for buggy php scripts wich allow you to view any file on the system (with webservers permissions). Try the good, old directory traversal trick: "../../../". You have to know the filename and location, but that's not a big problem (/etc/passwd anyone ?).