Google Search: filetype:php inurl:”viewfile” -”index.php” -”idfil
l0om rates this entry 8 out of 10.
Submitted: 2004-06-16 00:00:00
Added by: l0om
Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt –> will show you the my_howto.txt).An attacker can check for buggy php scripts wich allow you to view any file on the system (with webservers permissions). Try the good, old directory traversal trick: “../../../”. You have to know the filename and location, but that’s not a big problem (/etc/passwd anyone ?).