DuckieTV CMS 1.1.5 Local File Inclusion

` ___________________________________________________  
|  
| Exploit Title: DuckieTV CMS Local File Inclusion  
| Exploit Author: Ashiyane Digital security Team  
| Vendor Homepage: http://schizoduckie.github.io/DuckieTV/  
| Software Link:  
https://github.com/SchizoDuckie/DuckieTV/archive/angular.zip  
| Version: DuckieTV 1.1.5  
| Date: 2017-10-14  
| Category: webapps  
| Tested on: Kali-Linux /FireFox  
| CVE : CVE-2016-4314  
|__________________________________________________  
  
Vulnerable File :  
  
$cache = strtolower(preg_replace('/[^a-zA-Z0-9]/', '',  
$_GET['url'])).'.json';  
  
// if there's a cached version of this request in fixtures, serve it.  
if(file_exists(dirname(__FILE__).'/fixtures/'.$cache)) {  
$out =  
json_decode(file_get_contents(dirname(__FILE__).'/fixtures/'.$cache),true);  
$out['headers']['Content-Length'] = strlen($out['content']);  
unset($out['headers']['Transfer-Encoding']);  
unset($out['headers']['Cookie']);  
foreach($out['headers'] as $key=>$val) {  
header("{$key}: {$val}");  
}  
header('Proxy-Cache-hit: '.$cache);  
die($out['content']);  
} else {  
header('Proxy-Cache-miss: '.$cache);  
}  
  
Proof of Concept :  
  
http://127.0.0.1/7/DuckieTV-angular/tests/proxy.php?url=[LFI]  
  
__________________________________________________  
  
Discovered By : M.R.S.L.Y  
__________________________________________________  
`