#!/usr/bin/perl
############
# Fantastic News
#
# Homepage: http://fscripts.com
# Affected Version: <= 2.1.4
# Patched Version: /
# Date: 08.09.2006
#
# Application Risk: High
#
# Vendor notified : no contact given, your fault !
#
#
# Vulnerability found by : Sx02
# http://sx02.coresec.de
#
#
#############
#
# Vulnerable code (archive.php)
#
# require_once($CONFIG['script_path']."config.php");
# require_once($CONFIG['script_path']."functions/functions.php");
# require_once($CONFIG['script_path']."functions/mysql.php");
# require_once($CONFIG['script_path']."functions/template.php");
#
# --------------------------------------------------------
#
# $CONFIG['script_path'] is not initialized before these require_once() calls,
# so with register_globals enabled its value can be supplied in the request,
# which makes archive.php vulnerable to remote file inclusion.
#
# archive.php?$CONFIG['script_path']=
#
# Required : register_globals = On
#
# --------------------------------------------------------
#
# Solution :
#
# Initialize variables before using them in include/require paths !
# In archive.php that means assigning $CONFIG['script_path'] a fixed value
# before the first require_once(). Turning register_globals off (and
# allow_url_fopen, if the application does not need it) removes the
# precondition as well.
#
# Detection : requests to archive.php whose query string sets script_path,
# especially to an http:// or ftp:// value, are worth alerting on.
#
# --------------------------------------------------------
#
# "Everything should be made as simple as possible, but not simpler"
# 'Albert Einstein'
#
############