This exploit demonstrates a local file disclosure (LFD) vulnerability in phpVibe due to improper sanitization of the 'file' parameter in stream.php. The attacker can access sensitive files by encoding a malicious path with '@@media' and base64 twice.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:phpVibe (all versions)
No auth needed
Prerequisites:Access to the target's stream.php endpoint