filetype:php inurl:"viewfile" -"index.php" -"idfil

  • Date: 2004-06-16
  • Category:
  • Author: anonymous
  • Syntax: filetype:php inurl:"viewfile" -"index.php" -"idfil
  • Programmers do strange things sometimes and forget about security. This search is the perfect example. These PHP scripts are written for viewing files in the web directory (e.g. www.XXX.com/viewfile.php?my_howto.txt --> will show you my_howto.txt). An attacker can check for buggy PHP scripts which allow you to view any file on the system (with the web server's permissions). Try the good, old directory traversal trick: "../../../". You have to know the filename and location, but that's not a big problem (/etc/passwd anyone?).
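
For anyone maintaining a script of this kind, the following added example (not code from this entry or from any script the search finds) shows a file viewer that resolves the requested name and refuses anything outside its document directory. The directory /var/www/docs, the "file" parameter name and the .txt allow-list are assumptions chosen for illustration.

```php
<?php
// Added example: a hardened file viewer.
// DOC_ROOT, the "file" parameter and the extension list are assumed values.
const DOC_ROOT = '/var/www/docs';
const ALLOWED_EXT = ['txt'];

/** Return the real path of $requested if it is a viewable file under $baseDir, else null. */
function resolve_viewable(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" sequences and follows symlinks;
    // it returns false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment check on the resolved path, including the trailing
    // separator so that /var/www/docs-private does not match /var/www/docs.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Serve only file types that are meant to be viewed.
    $ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $full : null;
}

// The pattern this entry describes passes the request value straight to
// readfile()/include; here it goes through resolve_viewable() first.
$name = $_GET['file'] ?? '';
$path = is_string($name) ? resolve_viewable(DOC_ROOT, $name) : null;
if ($path === null) {
    http_response_code(404);   // same response for every rejected request
    exit('Not found');
}
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The containment check runs on the path after realpath() has resolved it, so encoded or nested "../" sequences and symlinks pointing outside the directory are rejected the same way.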