HappyFish in danger?

Posted May 4th, 2010. Filed under DotRO

A few days ago I came across this: http://rstcenter.com/forum/22057-lfd-happyfish-ro.rst , a post by leximus2002 presenting an LFD (Local File Disclosure). Pretty serious stuff. The post by leximus2002 also contains some links:

“/etc/passwd : http://www.happyfish.ro/download.php?target=../../../../../../../etc/passwd ”
“DB Setting: http://www.happyfish.ro/download.php?target=../../app/config/database.php ”

I tried to get in touch with someone at HappyFish, but did not manage to. Maybe someone else will have more success than I did.
I am fond of the people at HF. They are good at what they do, which I really appreciate, so I hope they fix this problem as soon as possible.
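
A fix for this kind of disclosure canonicalises the requested path and serves it only if it still lies inside one download directory. The handler below is an added example, not HappyFish's code and not part of leximus2002's post; the directory `DOWNLOAD_ROOT` and the function `resolve_download()` are assumed names.

```php
<?php
// Added example: hypothetical hardened download handler.
// DOWNLOAD_ROOT and resolve_download() are assumed names, not the site's own.
const DOWNLOAD_ROOT = '/var/www/app/downloads'; // assumed location of public files

/**
 * Map a user-supplied "target" value to a regular file inside $root.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_download(string $target, string $root = DOWNLOAD_ROOT): ?string
{
    // Refuse empty values, NUL bytes and absolute paths outright.
    if ($target === '' || strpos($target, "\0") !== false || $target[0] === '/') {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "../" sequences and follows symlinks, so the check
    // below is made on the file that would actually be opened.
    $real = realpath($rootReal . DIRECTORY_SEPARATOR . $target);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check. The trailing separator keeps "/downloads-old" from
    // passing as a match for the "/downloads" prefix. Both target values
    // quoted in the post resolve outside the root and are refused here.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

$target = $_GET['target'] ?? '';
$path = is_string($target) ? resolve_download($target) : null;
if ($path === null) {
    http_response_code(404); // same answer for "missing" and "not allowed"
    exit;
}
// Only a restricted character set reaches the response header.
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```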

PDF=Problematic Document Format

Posted March 31st, 2010. Filed under Security Stuff

This is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability!

I use a launch action triggered by the opening of my PoC PDF. With Adobe Reader, the user gets a warning asking for approval to launch the action, but I can (partially) control the message displayed by the dialog. Foxit Reader displays no warning at all, the action gets executed without user interaction.

More and more news about PDF and its problems, and more and more people competing to find something new.
That is roughly what a post by Didier Stevens looks like. You can find a video + more info on his blog.
Link: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
